Extra Defensive Measures

One of the big risks of passwords is that they're pretty easy to capture when a person sits down at a public terminal, or even a friend's computer, to log into a system. One way of reducing this risk is to allow the use of a one-time password system. The basic idea is that the user gets a password calculator, which may be an app running on a Palm Pilot or a smartphone. Then, when logging into a box, the user runs the calculator app to get a password that is valid for one use only. Popular systems for this are OPIE (one-time passwords in everything) and S/KEY.

Most people won't want to use this kind of thing, especially from their own machines. Therefore, it should never be your only login mechanism. However, it is good to have this as an option, and, in the corporate world, to have policies mandating its use in situations where a user would otherwise have to type in a password to an untrustworthy device.
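
The one-time password idea described above, sketched as a hash chain in the style of S/KEY. This is an added example, not code from the book or from OPIE or S/KEY: it uses SHA-256 in place of the hashes those systems use, omits their wire encoding, and the names `Server`, `chain` and `demo` and the sample secret and seed are constructed for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One step of the chain. SHA-256 is this example's choice, not S/KEY's."""
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, count: int) -> bytes:
    """Apply h() `count` times to the user's secret combined with the seed."""
    value = h(seed + secret)
    for _ in range(count):
        value = h(value)
    return value


class Server:
    """Stores only the last accepted chain value, never the secret."""

    def __init__(self, seed: bytes, count: int, top: bytes):
        self.seed, self.count, self.stored = seed, count, top

    def challenge(self):
        # The calculator must answer with chain element count - 1.
        return self.seed, self.count - 1

    def verify(self, otp: bytes) -> bool:
        if self.count <= 0:
            return False  # chain exhausted; the user must re-enroll
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        # Accept, then step down the chain so this value can never be reused.
        self.stored, self.count = otp, self.count - 1
        return True


def demo():
    secret, seed = b"constructed passphrase", b"ke1234"  # constructed samples
    server = Server(seed, 100, chain(secret, seed, 100))  # enrollment
    s, n = server.challenge()
    otp = chain(secret, s, n)        # computed on the user's calculator
    first = server.verify(otp)       # legitimate login from a public terminal
    replay = server.verify(otp)      # captured value typed in again
    s, n = server.challenge()
    nxt = server.verify(chain(secret, s, n))  # next login needs a new value
    return first, replay, nxt
```

A value captured at the untrusted terminal hashes forward to the element the server has already discarded, so replaying it fails, and recovering the next valid value would require inverting the hash.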



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them