[1801] in WWW Security List Archive
Re: Is password good enough?
daemon@ATHENA.MIT.EDU (T Kruger)
Wed Apr 10 02:05:18 1996
Date: Tue, 09 Apr 1996 22:00:50 -0700
From: T Kruger <krugertl@apci.net>
To: Mariam Jazayeri <jazayeri@hpcc117.corp.hp.com>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Mariam Jazayeri wrote:
>
> I would like to know if this group feels password is sufficient for
> protecting sensitive information on Web inside the firewalls.
> I know most document servers provide password protection, but I'm not sure if
> that's good enough to protect sensitive information on the Web?
>
> Any thoughts?
>
> Thanks,
> --
>
> Mariam Jazayeri IT Risk Management Engineer
> Hewlett-Packard Computing & Technology Services
> e-mail : jazayeri@corp.hp.com (415) 857-4637
If you're really concerned about sending passwords across the net as
clear-text, you may want to look at "one-time" password such as S/Key.
You can find more info and the achive of S/Key at:
ftp://ftp.bellcore.com/pub/nmh/docs/ISOC.symp.ps
ftp://ftp.bellcore.com/pub/nmh/
It's a bit of more to manage but it may help you sleep better at night if
you have sensitive info or critical systems to protect.
Good Luck,
Tim Kruger
email: krugertl@apci.net
