Open Source and information security mailing list archives
 
Message-ID: <44276617.4010204@mynetsec.com>
Date: Mon Mar 27 05:16:03 2006
From: gareth.davies at mynetsec.com (Gareth Davies)
Subject: guidelines for good password policy and maintenance / user centric identity with single passwords (or a small number at most over time)

Anders B Jansson wrote:
> Biometrics fail, as has been shown several times before.
> Biometrics require that there's no way of obtaining that information 
> from the user,
> or that there's no way to enter this data without the actual user 
> being present.
>
> And even then they fail when the actual user has a gun at his temple.
>
> </esoteric rant>

Then we need to return to the old mainframe concept of duress alarms 
(login with a * at the end or alternate login for situations when you 
are under duress).

The oldskool ;)

-- 
Gareth Davies - BS7799 LA, OPST

Manager - Security Practice

Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara,
Mont' Kiara, 50480
Kuala Lumpur, Malaysia 
Phone: +603-6203 5303 or +603-6203 5920

www.mynetsec.com
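
A sketch of the duress-login idea from the message above, added here as an example and not code from the thread: the normal password with a trailing `*` opens the session like any other login but records a silent alarm. The names `enroll`, `login`, `DURESS_SUFFIX`, the in-memory alarm list and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

DURESS_SUFFIX = "*"  # convention from the message: normal password plus "*"

def _kdf(password: str, salt: bytes) -> bytes:
    # Iteration count is illustrative, not a tuning recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)

def enroll(password: str) -> dict:
    """Store salted hashes for the real password and for its duress form."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "normal": _kdf(password, salt),
        "duress": _kdf(password + DURESS_SUFFIX, salt),
    }

def login(record: dict, attempt: str, alarms: list) -> bool:
    """Return True if the session should open; note a silent alarm on duress."""
    digest = _kdf(attempt, record["salt"])
    # Run both comparisons every time so timing does not show which one matched.
    is_normal = hmac.compare_digest(digest, record["normal"])
    is_duress = hmac.compare_digest(digest, record["duress"])
    if is_duress:
        # The person at the keyboard sees an ordinary success;
        # only the monitoring side learns about the duress code.
        alarms.append("duress login")
    return is_normal or is_duress

if __name__ == "__main__":
    alarms = []                      # stand-in for a real alerting channel
    rec = enroll("correct horse")    # constructed sample password
    print(login(rec, "correct horse", alarms), alarms)
    print(login(rec, "correct horse*", alarms), alarms)
    print(login(rec, "wrong", alarms), alarms)
```

For the alarm to stay silent, the duress session has to look the same to the user as a normal one, so any restriction or response belongs on the server and monitoring side.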
