[unisog] secure authentication

Michael Holstein michael.holstein at csuohio.edu
Thu May 26 20:50:54 GMT 2005


Here, they're separate. Is that more secure? Well, if you believe in 
'security through obscurity' then yes. In reality, no, it's not.

'what' you use for a username is less important than 'how' you implement 
it. PKI/SSO is a good idea, and a email address is a logical choice for 
a username -- just secure the password part via certificates, tokens, 
biometrics, etc.

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

Michael Davis wrote:
> Hello all,
> We're looking into ways of making user credentials more 
> secure.  One topic that came up is that your 
> loginID/username is part of your email.  Does anyone keep 
> them seperate.  We have aliases for email but people can 
> also send to uid at temple.edu. I'm curious to see if others 
> are keeping them seperate and more anonymous to others.
> 
> Thanks
> -----------------------------
> Michael Davis
> mike.davis at temple.edu
> 215-204-3902
> Temple University
> Manager, Enterprise Systems
> -----------------------------
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 


More information about the unisog mailing list