Re: [Full-disclosure] guidelines for good password policy and maintenance / user centric identity with single passwords (or a small number at most over time)
- To: Anders B Jansson <hdw@xxxxxxxxxxx>
- From: Gareth Davies <gareth.davies@xxxxxxxxxxxx>
- Date: Mon, 27 Mar 2006 12:12:07 +0800
Anders B Jansson wrote:
> Biometrics fail, as has been shown several times before.
> Biometrics require that there's no way of obtaining that information
> from the user,
> or that there's no way to enter this data without the actual user
> being present.
> And even then they fail if the actual user has a gun at his temple.
> </esoteric rant>
Then we need to return to the old mainframe concept of duress alarms
(login with a * at the end or alternate login for situations when you
are under duress).
The oldskool ;)
--
Gareth Davies - BS7799 LA, OPST
Manager - Security Practice
Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara,
Mont’ Kiara, 50480
Kuala Lumpur, Malaysia
Phone: +603-6203 5303 or +603-6203 5920
www.mynetsec.com
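
A sketch of the duress login described in the reply above, added here as an illustration and not part of the original post. The names `Account`, `enroll`, `login` and the alarm list are hypothetical; it stores a separate verifier for password + `*`, so a real password that itself ends in `*` stays unambiguous.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

DURESS_SUFFIX = "*"   # trailing marker from the post; any agreed variant works
ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


@dataclass
class Account:
    salt: bytes
    normal: bytes  # verifier for the real password
    duress: bytes  # verifier for password + DURESS_SUFFIX


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, _derive(password, salt),
                   _derive(password + DURESS_SUFFIX, salt))


def login(account: Account, attempt: str, alarms: list) -> bool:
    """Return True if the session should open; record a silent alarm on duress."""
    candidate = _derive(attempt, account.salt)
    # Evaluate both comparisons every time so the two paths take the same time.
    is_normal = hmac.compare_digest(candidate, account.normal)
    is_duress = hmac.compare_digest(candidate, account.duress)
    if is_duress:
        # Out-of-band alert only; the caller sees an ordinary successful login.
        alarms.append("duress login")
    return is_normal or is_duress


if __name__ == "__main__":
    alarms = []
    acct = enroll("correct horse")  # constructed sample password
    print(login(acct, "correct horse", alarms), alarms)
    print(login(acct, "correct horse*", alarms), alarms)
    print(login(acct, "wrong", alarms), alarms)
```
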