Hello,

--- Scott Allan <[EMAIL PROTECTED]> wrote:
> I can commit to exploring enhanced security options for all our
> registrations - I will send out a draft (once we explore and
> assemble) for your comment here.

In addition to the digital certificate (client-side, like banking clients get from Entrust, etc.) and other suggestions I made earlier, I had another that I just remembered. It's a 2-factor security solution, from RSA, called SecurID, discussed here:

http://www.rsasecurity.com/products/securid/

Basically, things would work just like now (i.e. one has a standard password). BUT, one also is issued a credit-card sized authenticator, based on time synchronization. For a picture, see:

http://www.rsasecurity.com/products/securid/hardware_token.html

When logging in, one is challenged to enter the authentication code that is generated automatically (based on time) on the authenticator. Thus, a malevolent individual needs not only your password, but also the physical authenticator (each authenticator generates different time codes, and the server knows which are valid).

An advantage of this system is that it's fairly easy to implement on the client side (i.e. send them an authenticator by snail mail), and doesn't require that they have Windows or a specific operating system. Brokerage firms tend to use these a lot when giving clients remote logins.

Sincerely,

George Kirikos
http://www.kirikos.com/
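
Added example (not part of the message above, and not RSA's code): SecurID's algorithm is proprietary, so this sketch substitutes the open TOTP scheme (RFC 6238) to show the server-side check the message describes, a password plus a time-based code derived from a per-token seed. The LoginServer class, the 60-second step, the 6-digit length and the one-step drift window are all assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP = 60    # seconds each code is valid (assumed; the message gives no interval)
DIGITS = 6   # code length (assumed)
DRIFT = 1    # steps of clock drift tolerated either side of server time

def token_code(seed: bytes, now: float, offset: int = 0) -> str:
    """Code the token holding `seed` displays at time `now` (RFC 6238)."""
    counter = int(now // STEP) + offset
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginServer:
    """Hypothetical server: knows each user's password hash and token seed."""

    def __init__(self):
        self.users = {}  # name -> salt, password hash, seed, last step used

    def enroll(self, name: str, password: str, seed: bytes) -> None:
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "pw": _hash(password, salt),
                            "seed": seed, "last_step": -1}

    def login(self, name: str, password: str, code: str, now: float) -> bool:
        user = self.users.get(name)
        if user is None:
            return False
        # Factor 1: something you know.
        if not hmac.compare_digest(_hash(password, user["salt"]), user["pw"]):
            return False
        # Factor 2: something you have. Try the steps around server time.
        for offset in range(-DRIFT, DRIFT + 1):
            step = int(now // STEP) + offset
            if step <= user["last_step"]:
                continue  # this step or a later one was already used: no replay
            expected = token_code(user["seed"], now, offset)
            if hmac.compare_digest(expected.encode(), code.encode()):
                user["last_step"] = step
                return True
        return False
```

Recording the last accepted step is what stops a code observed in transit from being reused inside the drift window.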
