Can you talk them into using two factor authentication mechanisms such as SecureID/ACE or perhaps use PKI? If portability is an issue, RSA has modules that will allow you to dynamically and securely authenticate from anywhere using SecureID and a ACE server. You can also store digital certs on a token from Rainbow or other (USB so no reader necessary) and use IIS's support of PKI and certificate authentication/mapping to your NT accounts.
Passwords will always equal non secure. Walt On Wed, 18 Dec 2002 12:28:50 -0800 David Brown <[EMAIL PROTECTED]> wrote: > My company is working on a webmail > implementation, which requires that the user > authenticate to an NT domain. Regardless of > the authentication method, there is always an > option in the login dialog to 'Save this > password in your password list', which seems to > be browser driven. I don't want my user > population saving their passwords to various > computers all over the world. Does anyone have > a clue how to remove or disable this option? > > David M. Brown > Director, IT Services > S Y N E R G E X > > Office: 916 853-0396 > Mobile: 916 718-6695 > FAX: 916 635-6549 > >
