Re: Is password good enough?

• To: Mariam Jazayeri <jazayeri@hpcc117.corp.hp.com>
• Subject: Re: Is password good enough?
• From: T Kruger <krugertl@apci.net>
• Date: Tue, 09 Apr 1996 22:00:50 -0700
• CC: www-security@ns2.rutgers.edu
• Organization: Me Myself n I
• References: <199604032134.AA092837277@hpcc117.corp.hp.com>

Mariam Jazayeri wrote:
> 
> I would like to know if this group feels password is sufficient for
> protecting sensitive information on Web inside the firewalls.
> I know most document servers provide password protection, but I'm not sure if
> that's good enough to protect sensitive information on the Web?
> 
> Any thoughts?
> 
> Thanks,
> --
> 
> Mariam Jazayeri                       IT Risk Management Engineer
> Hewlett-Packard                       Computing & Technology Services
> e-mail : jazayeri@corp.hp.com         (415) 857-4637

If you're really concerned about sending passwords across the net as 
clear-text, you may want to look at "one-time" password such as S/Key.  
You can find more info and the achive of S/Key at:

    ftp://ftp.bellcore.com/pub/nmh/docs/ISOC.symp.ps
    ftp://ftp.bellcore.com/pub/nmh/

It's a bit of more to manage but it may help you sleep better at night if 
you have sensitive info or critical systems to protect. 
Good Luck,

Tim Kruger
email: krugertl@apci.net

• Is password good enough?
• From: Mariam Jazayeri <jazayeri@hpcc117.corp.hp.com>

• Previous: Re: Is password good enough?
• Next: Re: Intranet: *Internal* Certifying Authority?
• Index(es):
  • Index
  • Thread