[Previous] [Next] [Index]
[Thread]
Re: Is password good enough?
Mariam Jazayeri wrote:
>
> I would like to know if this group feels password is sufficient for
> protecting sensitive information on Web inside the firewalls.
> I know most document servers provide password protection, but I'm not sure if
> that's good enough to protect sensitive information on the Web?
>
> Any thoughts?
>
> Thanks,
> --
>
> Mariam Jazayeri IT Risk Management Engineer
> Hewlett-Packard Computing & Technology Services
> e-mail : jazayeri@corp.hp.com (415) 857-4637
If you're really concerned about sending passwords across the net as
clear-text, you may want to look at "one-time" password such as S/Key.
You can find more info and the achive of S/Key at:
ftp://ftp.bellcore.com/pub/nmh/docs/ISOC.symp.ps
ftp://ftp.bellcore.com/pub/nmh/
It's a bit of more to manage but it may help you sleep better at night if
you have sensitive info or critical systems to protect.
Good Luck,
Tim Kruger
email: krugertl@apci.net
References: