Secure ID and strong passwords in the enterprise:
1. Everyone has a secure ID token. If the system supports authentication, it is implemented.
2. For those systems that can not be supported, a user-specific random password is generated and posted to an intranet site that requires authentication via the token.
Users can login at anytime and get their passwords so there is no need to write them down.
3. Passwords are changed on a regular basis and are changed immediately if there is any reason to suspect a compromise.
For my personal passwords, I have an encrypted database in my smartphone. The database is protected by yet another strong password.
The main vulnerability is shoulder surfers. A few incidences resulting in severe penalties for compromised passwords seem to have drastically reduced the problem. Once the average user understands that there are financial implications to allowing a compromise, they are suddenly more aware of who is standing behind them.
Slashdot Mirror
Secure ID and strong passwords in the enterprise: 1. Everyone has a secure ID token. If the system supports authentication, it is implemented. 2. For those systems that can not be supported, a user-specific random password is generated and posted to an intranet site that requires authentication via the token. Users can login at anytime and get their passwords so there is no need to write them down. 3. Passwords are changed on a regular basis and are changed immediately if there is any reason to suspect a compromise. For my personal passwords, I have an encrypted database in my smartphone. The database is protected by yet another strong password. The main vulnerability is shoulder surfers. A few incidences resulting in severe penalties for compromised passwords seem to have drastically reduced the problem. Once the average user understands that there are financial implications to allowing a compromise, they are suddenly more aware of who is standing behind them.