Spat's WebLog (Steve Patrick)

When things go wrong...

Straw Poll - When are you planning to get rid of passwords?

Straw Poll - When are you planning to get rid of passwords?

  • Comments 3

You heard  " The Man" , Bill Gates at RSA 2006 -

"Another weak link, is in authentication. Today we are using password systems, password systems  simply wont cut it, in fact they are very quickly becoming the weak link.”  … “We need to move to multifactor authentication, a lot of that will be a smartcard type approach, where you have a challenge response , you don’t have a single secret..”

So - seriously, when you are starting your "Password Elimination Project"? I know of a few unnamed customers moving towards this today and have chosen Smartcards to replace the standard userID\Password across the enterprise. Unsurprisingly, this does not come easy.

If you are working on this, or thinking about moving towards this - I'd love to hear from you. Either via comment or direct email to me.

I already have a good deal of info about this type of project , but need to compile and sanitize the data before I post it here. I would love this to be a collaborative community discussion w/ gotchas and ideas.

 

spat

 

 

 

 

 

Leave a Comment
  • Please add 6 and 6 and type the answer here:
  • Post
  • Why smartcards?  Why did Microsoft focus on smartcards, why do others like the token based approach.  

    Many people (fortunately, I'm not usually one of them) lose their keys, leave their badges at home (you know who I'm talking about) and misplace anything that isn't physically attached to them.

    Why not biometrics.  Fingerprints are what I'm most used to using, but hand geometry, iris scans, the more unpleasant retinal scan, facial recognition etc...  There are many ways that people can be uniquely identified, and I've never forgotten to bring my thumb with me when I headed for work...

    I understand and agree with the multi-factor authentication, but why make it something you have and something you know, instead of something you are and something you know?  

    Thoughts?
  • ( my own lowly opinion here )

    I think biometrics is definitely in the future, we just are quite there yet as far as the OS goes.
  • smartcards are much harder to fake than fingerprints

Page 1 of 1 (3 items)