Joseph Mack PhD, High Performance Computing & Scientific Visualisation LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal Contact - John B. Smith 919-541-1087 - [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote on 02/24/2005 12:38:37 PM:

> [EMAIL PROTECTED] wrote:
> >
> > I've had the same 4 digit PIN on my ATM card for about 20yrs and my
> > account hasn't been cracked yet.
>
> Not a fair comparison.

Agreed. A recent article

http://it.slashdot.org/article.pl?sid=05/02/03/1855258&tid=172&tid=1

points out that passwords aren't a real good solution in the first place, which was the point I was hoping people would get from the ATM example.

> ATM authentication is two factor: something you
> have (your ATM card) and something you know (your PIN).
> Passwords are single factor: something you know.
> Two factor authentication for system
> login would lessen the complexity requirements for passwords.

Presumably the ATM card piece of info is hard to guess (there is a large sparsely occupied namespace used on the magnetic strip). For conventional login, you have a username and a passwd. Neither should be known to the attacker, but it isn't hard to guess usernames, so make the standard login a 1.1 factor authentication.

Joe

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
