On Thu, Aug 28, 2008 at 11:59:19PM -0700, [EMAIL PROTECTED] wrote:
On Thu, Aug 28, 2008 at 11:51:33PM -0700, James G. Sack (jim) wrote:
And then there's the disturbing bottom-line that the factor is
[human-entry] limited to a short string of characters, so one has to
wonder about the overall strength of the system anyway!
I use an RSA SecurID fob everyday. It doesn't *just* rely on the tiny string
but it must be appended to a typical account password.
Although using the fob greatly reduces the complexity of a password
needed for a given level of security. Even a simple English word is
adequate, since there is no way for an attacker to gain any knowledge
about the password.
In possession of the fob, they get three tries.
David
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
