
BLU Discuss list archive



[Discuss] A Little OT: The Password Post-It



Richard Pieri wrote:
>> Bluetooth proximity is not dependent on the phone being password
>> protected.
> 
> Then your system is no better than writing a password on a post-it note.
> It's actually worse; a post-it note isn't likely to be dropped and
> broken...

Basic two-factor principle:

Factor 1: something you know (the password you type into the
single-sign-on prompt on your desktop/laptop);

Factor 2: something you have (the cell phone you always carry with you).

Sure, having your physical security device be protected by a password
improves your security, but also adds complexity that may not be worth
the costs. Plenty of systems use "something you have" that does not
require a password.

Anyone could implement a trivial version of this. You just create two
password prompts (or train users on how to concatenate two passwords in
one prompt). For the first, the user gets to pick anything they want
that they can easily remember. For the 2nd the user gets a computer
generated high-strength pass phrase that you give to them printed on a
card. As someone else suggested, they can keep that in their wallet and
guard it as they do their credit cards.

By combining these techniques you (somewhat) mitigate the weaknesses of
a trivial to guess password, or an easily dropped security card.

Personally, I'll take an automated 2nd factor, like Bluetooth proximity,
any day over having to punch in text from a card.


> ...nor is it likely to run out of power and stop working.

The big win with Bluetooth proximity is that you are leveraging a device
the user already habitually carries. You don't have to remind them to
bring some new device to work each day. You don't have to encourage them
to take good care of it, not to put it in the laundry, or keep it
charged. Most users have already learned those lessons.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
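
A sketch of the "trivial version" described in the message above, as an added example that is not part of the original post: a memorized password plus a computer-generated secret printed on a card, accepted either from two prompts or concatenated in one. The function names, the fixed card length, the alphabet and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CARD_LEN = 20    # assumed fixed length, so a single prompt can be split
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"   # assumed: no look-alike characters
ITERATIONS = 200_000                           # assumed PBKDF2 work factor

def new_card_secret():
    """Computer-generated second secret, to be printed on the wallet card."""
    return "".join(secrets.choice(ALPHABET) for _ in range(CARD_LEN))

def _derive(password, card, salt):
    # Both parts go through ONE key derivation, so a stolen hash cannot be
    # attacked by guessing the easy-to-remember part on its own.
    material = (password + card).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)

def enroll(password):
    """Return (record to store server-side, card secret to print)."""
    card = new_card_secret()
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _derive(password, card, salt)}, card

def verify_two_prompts(record, password, card):
    # Enforcing the card length keeps the password/card boundary unambiguous.
    if len(card) != CARD_LEN:
        return False
    candidate = _derive(password, card, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def verify_one_prompt(record, typed):
    """The user typed the password immediately followed by the card secret."""
    if len(typed) <= CARD_LEN:
        return False
    return verify_two_prompts(record, typed[:-CARD_LEN], typed[-CARD_LEN:])

if __name__ == "__main__":
    record, card = enroll("fluffy")            # constructed weak password
    print("print on card:", card)
    print("two prompts:", verify_two_prompts(record, "fluffy", card))
    print("one prompt: ", verify_one_prompt(record, "fluffy" + card))
    print("wrong card: ", verify_two_prompts(record, "fluffy", new_card_secret()))
```

Because the result is a single pass/fail, a failed login does not reveal which of the two parts was wrong.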



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org