Re: [CGUYS] Are Passwords Obsolete?

2008-01-02 Thread MrMike6by9
We have been using CACs (Common Access Cards) for years. They work as a photo ID as well as for network authentication. Ours contain a mag strip as well as a smart chip. BTW, we still have a regular password that changes every 120 (?) days for the website through which all our CACs and the

Re: [CGUYS] Are Passwords Obsolete?

2007-12-31 Thread Tom Piwowar
It would also seem possible to write code that requires the system to wait, say five seconds, before another attempt at a correct password may be made, thus making a dictionary attack impossibly long. Pre-OS X Apple servers would double the delay time each time you entered an incorrect

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread gerald
I have 3 of these 6-digit RSA randomizers that create the same code on the little thingie I have, and another at eTrade. Two of them are for eTrade accounts (one for me, one for my wife). What with swapping accounts, I spend more time logging in than I do drinking any more. Could I use a

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tony B
I'm totally unfamiliar with these things so I can't answer. I wouldn't _think_ there's any kind of compatibility.? It just seems to me like two totally different things. Roboform stores passwords, the generator keeps making new ones. Keep us advised. On Dec 30, 2007 10:47 AM, gerald [EMAIL

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John DeCarlo
On Dec 30, 2007 10:47 AM, gerald [EMAIL PROTECTED] wrote: I have 3 of these 6-digit RSA randomizers that create the same code on the little thingie I have, and another at eTrade. Two of them are for eTrade accounts (one for me, one for my wife). What with swapping accounts, I spend more time

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tom Piwowar
I have 3 of these 6-digit RSA randomizers that create the same code on the little thingie I have, and another at eTrade. Two of them are for eTrade accounts (one for me, one for my wife). What with swapping accounts, I spend more time logging in than I do drinking any more. If one breaks you

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tom Piwowar
I suspect it's only a matter of time before they write a screenreader/mouselogger that will do the same thing as a keylogger. These already exist and they work at a distance. The screen display is produced by a string of bytes sent to it serially by the video card. Because it repeats at a

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tom Piwowar
These are not randomizers. They wouldn't do any good if they created random digits. What they do is create the same set of digits on your device that they do at the site that verifies the digits you enter. These are pseudo-randomizers. They use an algorithm to produce digits that appear

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John DeCarlo
On Dec 30, 2007 11:59 AM, Tom Piwowar [EMAIL PROTECTED] wrote: These are not randomizers. They wouldn't do any good if they created random digits. What they do is create the same set of digits on your device that they do at the site that verifies the digits you enter. These are

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John DeCarlo
On Dec 30, 2007 11:42 AM, Tom Piwowar [EMAIL PROTECTED] wrote: I have 3 of these 6-digit RSA randomizers that create the same code on the little thingie I have, and another at eTrade. Two of them are for eTrade accounts (one for me, one for my wife). What with swapping accounts, I spend

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John Duncan Yoyo
No, you can't change the battery; you need to get a new one. They are set at the factory and synced to a database somewhere that checks the output against what is expected. These things are basically clocks that generate a random-looking number for each 30 seconds of time. If you were to write

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread gerald
At 01:31 PM 12/30/2007, you wrote: No, you can't change the battery; you need to get a new one. They are set at the factory and synced to a database somewhere that checks the output against what is expected. These things are basically clocks that generate a random-looking number for each 30

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John Duncan Yoyo
The serial number identifies the unit, and each is set up with a different pattern of random numbers, but they are predictable for each of the units. Web sites that use this system check back with Verisign or whoever to confirm your login number. They explained this in detail on the Security Now

[CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Tom Piwowar
Passwords have to be stored on the computer or network so the OS can verify what is typed in. The secure way to do this is to never store an actual password, but instead a hashed version. So when a password is typed it is hashed by the computer and compared to the stored version. This way

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Tony B
Not until you come up with a better solution. On Dec 29, 2007 9:51 AM, Tom Piwowar [EMAIL PROTECTED] wrote: So isn't all the fuss to force us to make up long, complicated passwords and change them frequently, just a silly waste of time? What they call security theater.

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
Some systems will lock you out after a small number of consecutive failed authentication attempts. Three? Five? Ten? It would also seem possible to write code that requires the system to wait, say five seconds, before another attempt at a correct password may be made, thus making a

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Judy Cosler
What is a CAC card?? What is good s/w for changing storing p/w's? Fred Holmes wrote: Some systems will lock you out after a small number of consecutive failed authentication attempts. Three? Five? Ten? It would also seem possible to write code that requires the system to wait, say five

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Tony B
There are at least two good options in Windows. I own two copies of Roboform (http://www.roboform.com) - one for my desktop and one for my flash drive. Not only allows you to use maximum strength passwords, but allows you to enter your own master password with your mouse (to avoid keyloggers that

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread mike
What about a fingerprint scanner at the station? Mike On Dec 29, 2007 10:47 AM, Tony B [EMAIL PROTECTED] wrote: There are at least two good options in Windows. I own two copies of Roboform (http://www.roboform.com) - one for my desktop and one for my flash drive. Not only allows you to use

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Wayne Dernoncourt
Tony B snip CAC cards (http://en.wikipedia.org/wiki/Common_Access_Card) smack more of a national ID card than anything else. I doubt they'll catch on soon, unless maybe Bush declares martial law and outlaws election next year. On Dec 29, 2007 12:15 PM, Judy Cosler [EMAIL PROTECTED] wrote:

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread John Duncan Yoyo
I think the PayPal football https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey-outside is more likely to catch on as a personal security feature. You log in with your account id, password and the random appearing number. PayPal is a cheap source for these at

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
A CAC card (Computer Authorization Card???) is a ROM that plugs into a USB port and is the authentication for Windows/system logon, and everything else. It's been used for a few years now on military networks. No reason it couldn't be extended to civilian uses. CAC may not be entirely

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
OK, but what's their reliability? I haven't read anything on their performance in actual practice. There's your national ID once they become very reliable. Fred Holmes At 02:20 PM 12/29/2007, mike wrote: What about a fingerprint scanner at the station? Mike

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
Your SSAN is already a national ID for anyone with even a modicum of financial assets. If banks start offering them, I'll take one. A lot quicker and easier than dealing with passwords. Fred Holmes At 12:47 PM 12/29/2007, Tony B wrote: CAC cards