Firewall Wizards mailing list archives

Re: Username password VS hardware token plus PIN
From: Frank Knobbe <frank () knobbe us>
Date: Tue, 22 Feb 2005 11:39:25 -0600

On Tue, 2005-02-22 at 10:08 -0500, MHawkins () TULLIB COM wrote:
> What solutions are out there that do not use a PIN but use some
> username/password combination along with the hardware/software token?

Why would you need that?

In both cases you need a user name to identify the user.

In case of password-only, you just use the password, something you know.

In case of token, you use the token (something you have), and the PIN
(something you know). The PIN is in a sense acting as the password.

Why would you need two passwords?


Another advantage that tokens have (but also other OTP schemes like OTP
calculators) is that the password/token-response is only valid once. If
someone intercepts the given token code during authentication, he should
not be able to use the same information again. Just like a
one-time-password created by an OTP calculator. 

The valid-only-once advantage is something a static username/password
can not provide.

Regards,
Frank
