[Dshield] Web Site Authentication

Ackley, Alex aackley at epmgpc.com
Mon Jan 29 16:27:56 GMT 2007


I need some help making a business case for changing our method of
authenticating users.  Our current "system" is anything but.  A person's
SSN is used and a password assigned.  The password is checked against a
field in a database and if it matches the SSN attached they are allowed
in.  This is done over SSL using a certificate but that is the end of
the system.  I believe a more robust and secure system should be
implemented because of the data that is opened to users who log in.  My
problem is in communicating the business need other than because someone
could get in.  What makes moving from this system to another like a
RADIUS or Kerberos based system better?

Thanks

Alex
System Admin

