Re: [ADVANCED-DOTNET] Increased Security

2007-11-20 Thread Bill Bassler
Here are some guidelines that I found in a recent similar situation. I think what you might be looking to satisfy is possibly multi-factor authentication' Pass phrases will not satisfy this because tenents are: 'Something you know', such as a password, PIN or an out of wallet response. 'Something

Re: [ADVANCED-DOTNET] Increased security

2007-11-19 Thread James Geall
I believe cardspace is still quite painful to implement. I got this impression from the cardspace Q&A at teched. No one had a good story to tell about it. But if you want more information on it, dominick baier has blogged on www.leastprivilege.com about it. DO NOT USE MD5. It is so broken. Us

Re: [ADVANCED-DOTNET] Increased Security

2007-11-19 Thread Pardee, Roy
OM Subject: Re: [ADVANCED-DOTNET] Increased Security I've noticed more banks and credit card companies doing this sort of additional authentication (pictures, passphrases, etc). For instance my bank recently had me choose 3 security questions from a list of about 10. Things like the name of th

Re: [ADVANCED-DOTNET] Increased Security

2007-11-19 Thread Robert Lee
PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] Increased Security All this is still open to phishing is one worry. [EMAIL PROTECTED] > Date: Mon, 19 Nov 2007 12:18:22 -0500> From: [EMAIL PROTECTED]> Subject: Re: [ADVANCED-DOTNET] Increased Secur

Re: [ADVANCED-DOTNET] Increased security

2007-11-19 Thread Paul Mehner
Your description of your security sounds normal and reasonable. You may need to get some specifics from your client as to what exactly it is that they aren't happy about regarding your level of security. Without such knowledge, it is hard to determine if Cardspace will improve things. It is possibl

Re: [ADVANCED-DOTNET] Increased Security

2007-11-19 Thread Paul Cowan
All this is still open to phishing is one worry. [EMAIL PROTECTED] > Date: Mon, 19 Nov 2007 12:18:22 -0500> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] Increased Security> To: > ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > that bank might be "bank of a

Re: [ADVANCED-DOTNET] Increased Security

2007-11-19 Thread Paul Cowan
:11:35 -0500> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] Increased Security> To: > ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > can your clients specifically pinpoint > what they don't like about the> current security setup you use?> > Or did >

Re: [ADVANCED-DOTNET] Increased Security

2007-11-19 Thread Phil Sayers
Message- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] Behalf Of Paul Cowan Sent: Monday, November 19, 2007 12:14 PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] Increased Security Hi, They just do not feel username and password is adequate securit

Re: [ADVANCED-DOTNET] Increased Security

2007-11-19 Thread Phil Sayers
can your clients specifically pinpoint what they don't like about the current security setup you use? Or did they hear some buzzword in your description that kinda/sorta/might/maybe/possbily be mentioned in something else they read about how it might not be secure? -Original Message- F