nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AD and enforced password policies

From: Måns Nilsson <mansaxel () besserwisser org>
Date: Tue, 3 Jan 2012 14:43:55 +0100
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at 05:31:12AM -0800 Quoting Michael Thomas (mike 
() mtcc com):
 

For most need-to-join sites, I think this is a pretty reasonable solution. Maybe
not for, oh say, financial sites where password recovery is a little bit scarier,
but for the run of the mill app/site... it seems that this solution at least
solves the domino problem.


There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you login without at least a client
certificate and password/pin code. Most banks have a hardware token,
either challenge-response or HOTP/TOTP; some use the chip in chip-and-pin
cards as certificate carrier, and combine it with a reader device to
manage pin code entry.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Hello?  Enema Bondage?  I'm calling because I want to be happy, I guess ...

Attachment: signature.asc
Description: Digital signature

Previous By Date Next
Previous By Thread Next

Current thread: