unix_fan wrote: > > --- On Sat, 5/16/09, Matthew Barr <[email protected]> wrote: > [] > >> Also: does anyone have any decent suggestions for 2 factor systems >> that are free? I'd prefer not to have to carry any kind of token. >> The group has Blackberries, and iphones, + laptops, basically. >> > > Matt: > > You are asking two different questions. RSA SecurID has an application for > the Blackberry that supplements the physical token. You can continue to use > the physical token as well. I use it, works like a champ. Not free, but > accomplishes your second motivation to eliminate carrying around yet another > gadget. > > Alladin's Safeword has client software for Blackberries, Palms, Java ME mobile devices, Windows, and even SMS text message token delivery. $WORK uses an older version that does not support these devices (except for Windows -UGH! Imagine a token the size of a laptop! :-), so I carry a physical token (credit card sized with keypad). It is not time-based like SecureID, but rather you enter a PIN and get the next token.
You might want to look at S/Key - I used it many moons ago for incoming access to my own workstation over clear links (think: before SSH :-), and it worked well enough, but the 'token' is a list of the next 'n' passwords. If you were to combine this with a 'password wallet' encryption package on whatever device the individual has, you get a poor-man's Safeword token. When you're needing to support these kinds of platforms for your organisation, think about how the individual will have to set up an initial key, how they're going to rekey it (if needed), how you handle lost tokens, etc. You may find the price of one of the commercial solutions isn't that terrible when you consider the support costs for a 'free' solution... - Richard _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
