[unisog] secure authentication

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri May 27 06:38:22 GMT 2005


On Thu, 26 May 2005 15:12:58 EDT, Michael Davis said:
> We're looking into ways of making user credentials more 
> secure.  One topic that came up is that your 
> loginID/username is part of your email.  Does anyone keep 
> them separate?

For it to add anything but a totally meaningless amount of security via
obscurity, the loginID would have to be *totally* devoid of connection with the
email address.  So since your email address is mike.davis, you can't use mike,
or davis, or mdavis, or mdav034, or anything like that. You could however have
xpr4k6 as your userid.

Of course, such a scheme *would* be novel - rather than people writing
passwords down or calling the help desk when they can't remember them, you
would have those problems with *userids*....

If you're *really* trying to improve the *actual* security, look into the
following:

1) Deploying multi-factor authentication - for example, a password *and* a
biometric, or a biometric and a smart card, or....

2) All the password security in the world won't help you as long as you're
doing it on systems that are prone to getting infested with keystroke loggers.
Do something to rid your systems of loggers and other spyware.

