Re: [CGUYS] Are Passwords Obsolete?

2008-01-02 Thread MrMike6by9
We have been using CAC's (Common Access Cards) for years. They work as a photo ID as well as for network authentication. Ours contain a mag a strip as well as a smart chip. BTW, we still have a regular password that changes every 120 (?) days for the website through which all our CAC's and the asso

Re: [CGUYS] Are Passwords Obsolete?

2007-12-31 Thread Tom Piwowar
>It would also seem possible to write code that requires the system to >wait, say five seconds, before another attempt at a correct password may >be made, thus making a dictionary attack impossibly long. Pre OS X Apple servers would double the delay time each time you entered an incorrect passw

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John Duncan Yoyo
The Serial number identifies the unit and each is set up with a different pattern of random numbers but they are predictable for each of the units. Web sites that use this system check back with Verisign or whoever to confirm your login number. They explained this in detail on the Security Now po

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread gerald
At 01:31 PM 12/30/2007, you wrote: >No you can't change the battery you need to get a new one. They are >set at the factory and synced to a data base somewhere that checks the >out put against what is expected. These things are basically clocks >that generate a random looking number for each 30 s

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John Duncan Yoyo
No you can't change the battery you need to get a new one. They are set at the factory and synced to a data base somewhere that checks the out put against what is expected. These things are basically clocks that generate a random looking number for each 30 seconds of time. If you were to write d

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John DeCarlo
On Dec 30, 2007 11:42 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > >I have 3 of these 6 digit RSA randomizers that create same code on the > >little thingie I have , and another at eTrade. two of them are for > eTrade > >accounts. (one for me, one for my wife). what with swapping accounts, I >

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John DeCarlo
On Dec 30, 2007 11:59 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > >These are not randomizers. They wouldn't do any good if they created > random > >digits. What they do is create the same set of digits on your device > that > >they do at the site that verifies the digits you enter. > > These ar

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tom Piwowar
>These are not randomizers. They wouldn't do any good if they created random >digits. What they do is create the same set of digits on your device that >they do at the site that verifies the digits you enter. These are pseudo-randomizers. They use an algorithm to produce digits that appear rand

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tom Piwowar
>I suspect it's only a matter of time before they write a >screenreader/mouselogger that will do the same thing as a keylogger. These already exist and they work at a distance. The screen display is produced by a string of bytes sent to it serially by the video card. Because it repeats at a kno

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tom Piwowar
>I have 3 of these 6 digit RSA randomizers that create same code on the >little thingie I have , and another at eTrade. two of them are for eTrade >accounts. (one for me, one for my wife). what with swapping accounts, I >spend more time logging in than I do drinking any more. If one breaks y

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread John DeCarlo
On Dec 30, 2007 10:47 AM, gerald <[EMAIL PROTECTED]> wrote: > I have 3 of these 6 digit RSA randomizers that create same code on the > little thingie I have , and another at eTrade. two of them are for eTrade > accounts. (one for me, one for my wife). what with swapping accounts, I > spend more

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread Tony B
I'm totally unfamiliar with these things so I can't answer. I wouldn't _think_ there's any kind of compatibility.? It just seems to me like two totally different things. Roboform stores passwords, the generator keeps making new ones. Keep us advised. On Dec 30, 2007 10:47 AM, gerald <[EMAIL PROTE

Re: [CGUYS] Are Passwords Obsolete?

2007-12-30 Thread gerald
I have 3 of these 6 digit RSA randomizers that create same code on the little thingie I have , and another at eTrade. two of them are for eTrade accounts. (one for me, one for my wife). what with swapping accounts, I spend more time logging in than I do drinking any more. could I use a ro

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
At 12:47 PM 12/29/2007, Tony B wrote: >Roboform (http://www.roboform.com) - one for my desktop and one for my >flash drive. Not only allows you to use maximum strength passwords, >but allows you to enter your own master password with your mouse (to >avoid keyloggers that are so common today). I s

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
Your SSAN is already a national ID for anyone with even a modicum of financial assets. If banks start offering them, I'll take one. A lot quicker and easier than dealing with passwords. Fred Holmes At 12:47 PM 12/29/2007, Tony B wrote: >CAC cards (http://en.wikipedia.org/wiki/Common_Access_Ca

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
OK, but what's their reliability? I haven't read anything on their performance in actual practice. There's your national ID once they become very reliable. Fred Holmes At 02:20 PM 12/29/2007, mike wrote: >what about fingerprint scanner at the station? > >Mike *

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
A CAC card (Computer Authorization Card???) is a ROM that plugs into a USB port and is the authentication for Windows/system logon, and everything else. It's been used for a few years now on military networks. No reason it couldn't be extended to civilian uses. "CAC" may not be entirely corre

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread John Duncan Yoyo
I think the paypal football is more likely to catch on as a personal security feature. You log in with your account id, password and the random appearing number. Paypal is a cheap source for these a

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Wayne Dernoncourt
Tony B > CAC cards (http://en.wikipedia.org/wiki/Common_Access_Card) > smack more of a national ID card than anything else. I doubt > they'll catch on soon, unless maybe Bush declares martial > law and outlaws election next year. > On Dec 29, 2007 12:15 PM, Judy Cosler <[EMAIL PROTECTED]> wrote

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread mike
what about fingerprint scanner at the station? Mike On Dec 29, 2007 10:47 AM, Tony B <[EMAIL PROTECTED]> wrote: > There are at least two good options in Windows. I own two copies of > Roboform (http://www.roboform.com) - one for my desktop and one for my > flash drive. Not only allows you to use

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Tony B
There are at least two good options in Windows. I own two copies of Roboform (http://www.roboform.com) - one for my desktop and one for my flash drive. Not only allows you to use maximum strength passwords, but allows you to enter your own master password with your mouse (to avoid keyloggers that a

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Judy Cosler
what is a CAC card?? what is good s/w for changing & storing p/w's? Fred Holmes wrote: Some systems will lock you out after a small number of consecutive failed authentication attempts. Three? Five? Ten? It would also seem possible to write code that requires the system to wait, say five

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Fred Holmes
Some systems will lock you out after a small number of consecutive failed authentication attempts. Three? Five? Ten? It would also seem possible to write code that requires the system to wait, say five seconds, before another attempt at a correct password may be made, thus making a dictionar

Re: [CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Tony B
Not until you come up with a better solution. On Dec 29, 2007 9:51 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > So isn't all the fuss to force us to make up long, complicated passwords > and change them frequently, just a silly waste of time? What they call > "security theater."

[CGUYS] Are Passwords Obsolete?

2007-12-29 Thread Tom Piwowar
Passwords have to be stored on the computer or network so the OS can verify what is typed in. The secure way to do this is to never store an actual password, but instead a hashed version. So when a password is typed it is hashed by the computer and compared to the stored version. This way there