September 15, 2005 at 9:46 am #2189759
Password dummy
by neil higgins · about 18 years, 6 months ago
Apparently, most people forget their passwords at some stage. Others write them down, and then forget them. The consequences are obvious. Where I work, you have a personal pin code to access the “system”. If passwords, or Mission Impossible tactics aren’t the answer to security, what is?
Below is a link to a zdnet article on passwords:
September 15, 2005 at 10:27 am #3059769
interesting..
by jaqui · about 18 years, 6 months ago
In reply to Password dummy
but why not go that extra step and monitor keystroke style?
then, if someone else is using the system you have a third defense that kills anything the user is trying to do, hopefully while alerting the admin so they can be caught and charged.
the software to monitor keystroke patterns has been around for a long time, and is an unbeatable defense, as every person has a different pattern to how they use the keyboard. the software can be set up to compare pattern to every legal user of the systems, and take appropriate action if it’s another employee using the workstation, or if it’s someone completely un-authorised.
-
September 15, 2005 at 11:46 am #3059739
A few ideas about this
by jdclyde · about 18 years, 6 months ago
In reply to Password dummy
First, if you have taken even a basic admin or security class you have learned all the problems with passwords. People write them down. People pick their pets or kids or something. People give them out. They can be cracked.
But who do we hear this from the most? The people that want to SELL the latest, greatest, wizbang that will save us all. Tokens, biometrics, all sound like good products but is the data to support the costs unbiased or does it have a vested interest in you going with a system like this?
I have heard so many people that have a solution to sell me, and each one is better than the rest. I know this, because they told me so.
-
September 15, 2005 at 12:23 pm #3059722
true.
by jaqui · about 18 years, 6 months ago
In reply to A few ideas about this
at least my solution as suggested isn’t new tech, it’s implement what’s been available for years.
-
September 15, 2005 at 12:46 pm #3059705
How would it handle
by jdclyde · about 18 years, 6 months ago
In reply to true.
when I am doing something else at the same time and type one handed so I don’t have to put something else down? Like food or phone (or porn?) ;\
Not up on the keystroke patterns.
This would be like the voice recognition software that didn’t work if you had a cold?
-
September 15, 2005 at 1:21 pm #3059663
well,
by jaqui · about 18 years, 6 months ago
In reply to How would it handle
you could actually increase the db size for it and have people use the keyboard under different conditions so there is a baseline for most situations.
the idea behind it is that everyone will have some keys they are slower in hitting, faster on some, harder on others…
even one handed this basic pattern is still there.
I remember when I was learning computers back in 81-82, typing one handed at 45 words per minute.. programming in r/t in hex. 🙂
can you guess which keys I am fast at hitting? ~L~
I know that no one solution is perfect, but this one has the potential to keep intrusions down much more than the password model does.
the biggest drawback is that it must be running on every client to work.
( network access denied if it’s not running will keep a lot of hack attempts from getting through even if they have broken the other safeguards. )
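The per-key timing baseline described in the post above, sketched as an added example (not part of the thread and not any product's algorithm). The hold times are constructed, and the scoring rule (mean absolute z-score against a fixed threshold, with one baseline per typing condition) is an assumption chosen for illustration.

```python
from statistics import mean, stdev

MIN_SPREAD_MS = 5.0  # assumed floor so a very consistent key cannot dominate the score

def enroll(sessions):
    """Per-key (mean, spread) of hold times in ms from several enrollment sessions."""
    per_key = {}
    for session in sessions:
        for key, ms in session.items():
            per_key.setdefault(key, []).append(ms)
    return {k: (mean(v), max(stdev(v), MIN_SPREAD_MS))
            for k, v in per_key.items() if len(v) >= 2}

def score(profile, sample):
    """Mean absolute z-score over keys seen in both; lower means closer."""
    devs = [abs(ms - profile[k][0]) / profile[k][1]
            for k, ms in sample.items() if k in profile]
    return mean(devs) if devs else float("inf")

def verify(baselines, sample, threshold=2.0):
    """Accept if the sample is close to ANY enrolled condition for this user."""
    best = min((score(p, sample) for p in baselines.values()), default=float("inf"))
    return best <= threshold

# Constructed data: average hold time (ms) per key in one session; not measured.
TWO_HANDED = [{"e": 80, "t": 90, "a": 85, "q": 140, "p": 130},
              {"e": 84, "t": 94, "a": 81, "q": 146, "p": 126},
              {"e": 78, "t": 88, "a": 87, "q": 138, "p": 134}]
ONE_HANDED = [{"e": 110, "t": 150, "a": 100, "q": 120, "p": 210},
              {"e": 116, "t": 144, "a": 104, "q": 126, "p": 200},
              {"e": 108, "t": 156, "a": 98, "q": 118, "p": 216}]
GENUINE_TWO = {"e": 82, "t": 91, "a": 83, "q": 142, "p": 128}
GENUINE_ONE = {"e": 112, "t": 148, "a": 102, "q": 122, "p": 205}
IMPOSTOR = {"e": 120, "t": 70, "a": 130, "q": 95, "p": 90}

NARROW = {"two_handed": enroll(TWO_HANDED)}               # one condition enrolled
WIDE = dict(NARROW, one_handed=enroll(ONE_HANDED))        # extra baseline added

if __name__ == "__main__":
    for name, s in [("genuine, two hands", GENUINE_TWO),
                    ("genuine, one hand", GENUINE_ONE),
                    ("other typist", IMPOSTOR)]:
        print(f"{name:20} narrow={verify(NARROW, s)} wide={verify(WIDE, s)}")
```

With only the two-handed baseline the one-handed sample from the same user is rejected; enrolling the second condition fixes that, and each extra baseline also widens the set of timings the check will accept.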
September 15, 2005 at 2:04 pm #3059640
-
September 15, 2005 at 1:24 pm #3059662
No perfect solution
by dc guy · about 18 years, 6 months ago
In reply to How would it handle
Security is always a balance between false positives and false negatives. You have to err on the side of locking out an authorized user for obvious reasons.
With typing cadence people will soon learn to sit down and type normally, especially after you tell them that and they still try it one-handed, standing up, in the dark, drinking coffee, with the cat trying to get their attention.
Password programs are becoming more draconian, they already require a mix of upper case, lower case, and numerals. It won’t be long before they have to be of the form A9#9#A. Then of course we’ll all forget them, especially since they force us to change them every 90 days.
Passwords just can’t provide the security we need without overwhelming the security staff with requests for new passwords, a situation which creates quite a risk exposure of its own.
I predict that biometrics will replace them. Voice prints have the problem you already identified. Your retinas can be removed and stolen if this is a James Bond scenario. Personally I think typing cadence is probably the best way to go.
-
September 15, 2005 at 2:07 pm #3059635
removing retinas
by jdclyde · about 18 years, 6 months ago
In reply to No perfect solution
They have the ability now for retina and fingerprints to tell if the person is dead or not, just for that reason. Fingerprints? Just take the finger or hand. Doesn’t work.
Imagine the joyful people that designed that?
The best I have heard of is where they use a camera and the computer does calculations based on your face and an image stored in the database. In use by the feds now, and I think they even use this in casinos to identify cheats.
-
September 15, 2005 at 2:20 pm #3059629
Biometrics
by neil higgins · about 18 years, 6 months ago
In reply to removing retinas
Read this CNN story on biometric security:
http://www.cnn.com/2005/TECH/08/29/transforming.biometrics.ap/index.html
*Thanks to jd and DC for pointing me in this direction 🙂
-
September 18, 2005 at 10:14 pm #3059544
No perfect solution
by andrew06 · about 18 years, 6 months ago
In reply to Biometrics
I also feel that the solution of using biometric devices such as keyboards and mice will always be susceptible to things like plastic tape and laminate material. I think that blood samples and DNA would still be hackable but would be extremely HARD.
-
February 2, 2006 at 6:36 am #3134357
use an encrypted list on a PDA
by techmail2 · about 18 years, 1 month ago
In reply to Password dummy
I wrote my own “password keeper” for my Palm. There are a number of commercial/shareware versions, but none matched the way I work. My program is currently at version 5 and hasn’t had any changes in a year – so it’s apparently what I wanted 😉
If you have a Palm, you can download a copy here: http://www.jecarter.com/passbank/files/passbank.prc
John