[TriLUG] OT: password generation
Mack.Joseph at epamail.epa.gov
Mack.Joseph at epamail.epa.gov
Thu Feb 24 12:57:10 EST 2005
Joseph Mack PhD, High Performance Computing & Scientific Visualisation
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.john at epa.gov
trilug-bounces at trilug.org wrote on 02/24/2005 12:38:37 PM:
> Mack.Joseph at epamail.epa.gov wrote:
>
> > I've had the same 4 digit PIN on my ATM card for about 20yrs and my
> > account hasn't been cracked yet.
>
> Not a fair comparison.
Agreed. A recent article
http://it.slashdot.org/article.pl?sid=05/02/03/1855258&tid=172&tid=1
points out that passwords aren't a real good solution in the first
place,
which was the point I was hoping people would get from the ATM example.
> ATM authentication is two factor: something you
> have (your ATM card) and something you know (your PIN).
> Passwords are single factor: something you know.
> Two factor authentication for system
> login would lessen the complexity requirements for passwords.
Presumably the ATM card piece of info is hard to guess
(there is a large sparsely occupied namespace used on
the magnetic strip).
For conventional login, you have a username and a passwd.
Neither should be known to the attacker,
but it isn't hard to guess usernames,
so make the standard login a 1.1 factor authentication.
Joe
More information about the TriLUG
mailing list