[TriLUG] OT: password generation
Mike Johnson
mike at enoch.org
Thu Feb 24 12:38:37 EST 2005
Mack.Joseph at epamail.epa.gov wrote:
> I've had the same 4 digit PIN on my ATM card for about 20yrs and my
> account hasn't been cracked yet.
Not a fair comparison. ATM authentication is two factor: something you
have (your ATM card) and something you know (your PIN). Passwords are
single factor: something you know. Two factor authentication for system
login would lessen the complexity requirements for passwords. For
instance, if your system required a fingerprint scan and a PIN number,
said PIN number could be four digits and you'd be fine. This is also
two factor: something you are and something you know.
Two factor authentication is -much- stronger than sinble factor and
generally much easier for users to deal with. However, it costs more.
Mike
More information about the TriLUG
mailing list