One Time Identification, a request for comments/testing.

Frank Cusack fcusack at fcusack.com
Sun Feb 4 23:57:45 EST 2007


On February 2, 2007 5:46:55 PM -0500 Peter Iannarelli 
<peteri at cryptocard.com> wrote:
> I don't believe I've seen anyone with a token strapped to their
> notebook and their PIN etched on the case.

I know a few thousand such users.  Not with the PIN etched :-) but with
a credit card form factor token strapped to the laptop lid in a clear
plastic envelope.  Pretty convenient.

> The reality is different. Software tokens require a M2M or
> machine to machine interface (software). Deploying this software
> on 100 workstations is problematic. Multiply that by 1000, within
> a heterogeneous environment, and it's an administrative nightmare.

I tend to disagree.  Yes, at the few dozen or maybe even 100 machine level
it can be a chore to maintain (but installation itself should be trivial),
but once you hit multi-hundreds, if you can't maintain the software you
really should worry about that first before worrying about tokens of any
sort.  Keeping users' workstation software up to date automatically is an
absolute must in any large environment, and a sunk cost as far as
administrative overhead goes.

> Hardware tokens are the most portable and most secure.

I agree with that, except for the case of smartcards and portability.

These days, I'm surprised Java tokens for phones and BlackBerrys aren't
more popular.  The phone has the advantage that the user is very unlikely
to forget it somewhere.

-frank


