[148101] in North American Network Operators' Group
Re: AD and enforced password policies
daemon@ATHENA.MIT.EDU (Måns Nilsson)
Tue Jan 3 08:44:47 2012
Date: Tue, 3 Jan 2012 14:43:55 +0100
From: Måns Nilsson <mansaxel@besserwisser.org>
To: Michael Thomas <mike@mtcc.com>
In-Reply-To: <4F030320.1030804@mtcc.com>
Cc: "Nanog@nanog.org" <Nanog@nanog.org>
Subject: Re: AD and enforced password policies
Date: Tue, Jan 03, 2012 at 05:31:12AM -0800 Quoting Michael Thomas (mike@mtcc.com):

> For most need-to-join sites, I think this is a pretty reasonable solution. Maybe
> not for, oh say, financial sites where password recovery is a little bit scarier,
> but for the run of the mill app/site... it seems that this solution at least
> solves the domino problem.
There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you log in without at least a client
certificate and password/pin code. Most banks have a hardware token,
either challenge-response or HOTP/TOTP; some use the chip in chip-and-pin
cards as certificate carrier, and combine it with a reader device to
manage pin code entry.
-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Hello? Enema Bondage? I'm calling because I want to be happy, I guess ...
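The HOTP/TOTP hardware tokens mentioned in the reply above are the RFC 4226 / RFC 6238 one-time-password schemes; the following is an added example (not code from the thread or from any bank) of the server-side verification a relying party runs alongside the password check. The secret is the RFC 4226 test key, and the look-ahead window and clock-skew tolerance are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# RFC 4226 test-vector key ("12345678901234567890" in ASCII); in practice
# the per-token secret is provisioned into the hardware token and stored
# server-side, never typed by the user.
RFC4226_TEST_KEY = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, then
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, counter: int, candidate: str, window: int = 5):
    """Event-based token check. Accept the code if it matches any of the next
    `window` counter values (the token may have been pressed without use).
    Returns the counter the server must store next, or None on failure.
    The caller must persist the returned counter so a code cannot be replayed."""
    for c in range(counter, counter + window):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None


def verify_totp(secret: bytes, candidate: str, unix_time: int,
                step: int = 30, skew: int = 1) -> bool:
    """Time-based token check allowing +/- `skew` time steps of clock drift.
    Uses a constant-time comparison for every candidate step."""
    for off in range(-skew, skew + 1):
        if hmac.compare_digest(totp(secret, unix_time + off * step, step), candidate):
            return True
    return False
```

A second factor of this kind only adds strength when the server also rate-limits guesses and rejects reuse of an accepted HOTP counter or TOTP step.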