Security Basics mailing list archives

RE: Two Factor authentication and changing passwords
From: "Nick Owen" <nickowen () mindspring com>
Date: Wed, 4 Jan 2006 23:39:14 -0500

If they are using the OTP and PIN, why are they using passwords at all? Or
are they using SecurID for remote access and therefore feel they don't need
to change their LAN passwords?  If the latter, I can see why they are saying
that - passwords are a pain.  Can they segment critical sections of the LAN
or applications off as remote access, requiring 2FA?

If they are using passwords with the PIN and OTP for remote access, I say
drop the passwords altogether.  They are more likely to get sniffed on
a wireless connection, etc.


-----Original Message-----
From: Brian Johnson [mailto:brian.l.johnson () gmail com] 
Sent: Wednesday, January 04, 2006 11:57 AM
To: security-basics () securityfocus com
Subject: Two Factor authentication and changing passwords

I was wondering if anyone could point me towards some 
recommendations for how often passwords should be changed if 
two-factor authentication is used.

I am working with a client who thinks that using SecurID 
tokens means they should never have to change their passwords 
but I am not comfortable with this.

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
At last, two-factor authentication, without the hassle factor.
Now open source: http://sourceforge.net/projects/wikid-twofactor/
