Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Lloyd Kvam
On Tue, 2010-04-27 at 16:22 -0400, Benjamin Scott wrote:
> If you're still using a passWORD on today's Internet, you're already in a very high risk category.

Using an English word for a password is supposed to be roughly equivalent to using 12-bit encryption or something like that. I

Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Alan Johnson
On Tue, Apr 27, 2010 at 5:26 PM, Lloyd Kvam lk...@venix.com wrote:
> Do you think it is hopeless trying to educate users to import a certificate and protect it with a pass phrase?

Yes, see #5: http://www.ranum.com/security/computer_security/editorials/dumb/ However, that's not to say you can't

Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Benjamin Scott
On Tue, Apr 27, 2010 at 5:26 PM, Lloyd Kvam lk...@venix.com wrote:
> Has anyone here tried to use certificates or public keys to control access?

Yes. A few of our customers at $WORK do this. (Of course, they usually email us the private key without any transport protection, but hey, you

Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Benjamin Scott
On Tue, Apr 27, 2010 at 5:51 PM, Alan Johnson a...@datdec.com wrote:
> Personally, I like the open id concept. Assuming you have a secure provider, and a secure password/cert with them ...

So, it fails on both counts, then. HHOS. Large-scale SSO systems scare me because if the SSO host is