July 30, 2012 at 9:00 am
ldsudduth1 (7/29/2012)
And if dropbox and other sites like that are blocked by policy.....then what?
Dropbox is a sync, not a storage, mechanism. Even without a network connection, I have the copy of my passwords with me. When I get back to a connection, things sync if I've added/changed something.
July 30, 2012 at 9:02 am
jmgroft (7/30/2012)
The user ID / password mechanism is a flawed system at best. Yes, there are problems with centralized identities, biometric security systems, etc. However, somewhere along the line, we're going to have to admit the reality that no security system is a hundred percent secure. If it can be created, it can be hacked. The best we can do is create a system that keeps honest people honest and forces dishonest people to work so hard that it's not worth their while.
Whatever mechanism is used, the important thing is to use a security scheme that doesn't provide identity information for large groups of users with a single hack. It should be just as hard to get the information for a second user as it was for the first. After all: a long time X a lot of users = a really, really long time.
Yep, and I'd argue everyone using a password tool is the best way to do this right now.
July 30, 2012 at 9:44 am
And I wouldn't disagree with you. If a clearly better alternative existed, everyone would be using it. I don't think anyone has really cracked this nut yet.
July 30, 2012 at 10:09 am
Hi All,
I think the worst security threat relevant to passwords is integrated authentication (within the network). One hacked or written-down password can lead to a hacker getting access to all resources the hacked account has.
Regards, Yelena Varsha
July 30, 2012 at 10:41 am
eric.rini (7/29/2012)
For example a physical authentication like linking an account to a mobile phone (it sends you a text with a unique key to login) or using a token like this - http://us.battle.net/support/en/article/battle-net-authenticator-faq simply cannot be cracked, no matter how irresponsible or uneducated the user is about security.
That is not exactly true. The Battle.NET authenticator was hacked the day after Diablo 3 was released. They used a man-in-the-middle attack. While it could be argued that the authentication was still intact, these hackers were able to retrieve passwords, which in turn let them log in to these accounts normally.
I agree that authenticators are a good approach but even they are not foolproof.