What Kind Of Remote Authentication Do You Use?
Iphtashu Fitz asks: "I have worked for a number of companies that implement different types of security policies for remote access. This has ranged from simply setting up a PPTP server with static passwords to bastion hosts using authentication tokens like RSA Security's SecurID and CRYPTOCard's product by the same name. Most people agree that static passwords on a PPTP server aren't all that secure, and anyway it's not all that easy to integrate with Linux servers. SecurID and CRYPTOCard are much more secure because they use one-time passwords generated by hardware tokens. However, when I used SecurID it seemed that their tokens would regularly lose synchronization with the server (not to mention they would expire every two years or so and were expensive to replace). The CRYPTOCard keychain token doesn't have the synchronization problem that RSA's does but it's also a pain to use because of the way you enter a PIN into it. What kind of authentication system(s) do you use where you work? What do you like and hate about it? How would you make it better if you could?"
bam- vpn.. Yes, she has three open ports on her wifi adapter, (ok, I'm out, but I'll put in an uplink or buy a new 8port)
Why can't someone make a cheap (*behind the router*) box that lets me VPN over the internet safely, at a reasonable price point? No config required other than a 256-character matching password and the IP of the other machine? They talk to each other from behind the router, and act as if they were local computers for the LAN?
every day http://en.wikipedia.org/wiki/Special:Random
Keyfobs with customized VPN software on them. Downside is you need Linux or Windows to use it. What I'd LIKE to see is customized VPN software that runs on a variety of machines, with both USB and SD interfaces (for handhelds and phones and such), combined with a thumbprint or retina scanner. Biometrics, baby, it's the only way to be sure the guy logging on is who he says he is.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Yes, I had that problem repeatedly when a large client first went to this system. But it quit doing that at least a year ago.
Sucks for RSA. We switched over to CRYPTOCard almost 2 years ago now. The constant loss of synchronization was a huge factor since we have remote offices all over the place and constantly having to resync remote users was a real pain in the ass.
Of course the cost is still a major issue. RSA's licenses are a lot more expensive than most other alternatives. Their support contracts are very expensive. Their tokens expire every 2 years which adds yet another cost (esp. when dealing with all our remote users). Many of the other alternatives don't have tokens that expire, thus saving a lot of time & money down the line.