At 11:28 AM -0400 5/11/05, Goertzel Karen wrote: >Of course, and SSO is only as secure as (1) the assurance of the >credential on which it bases its authentication decisions (a static >password with an SSO is a really STUPID idea);
That depends on the security of the channel between the user and the entity authenticating the password. A fixed password used to unlock a token by entering it into keys on the token is not bad. Use the keyboard associated with a programmable computer, and you increase the risks monumentally. -- Larry Kilgallen
