Quote:
Originally Posted by SameOldStory
It is your fault. At some time in the future you'll find yourself back before you thought of this scheme selling out humanity for a better self future tomorrow. Clear?
Quote:
Originally Posted by SameOldStory
So let's say the problem is users using simple passwords. If you make them use complex passwords they just write them down somewhere. Next you try card swipe/prox cards. No good, the cards are lost or borrowed. Combo of password and card? Same as before. Biometric? How many computers do you have to log on to? I have a lot of them.
RFID implants may be the easiest. But I sure do hope no one wants to cut it out of me to access the computers I work with.
One Time Password. Device-dependent or device-independent (can be done either way). The authentication server behind the access/web server knows the device or software you have, and the password it should be displaying right now for your use.
Is it unbreakable? Hell no. Nothing's 100%. But that's the most common form of authentication I see being implemented recently. Cheaper than biometrics, a lot easier to use than a dozen simple passwords - and a lot harder to hack or intercept.
I don't know what the US govt's looking at. But, for a start, most govt workers wouldn't know the difference between an 'identity' and an 'authentication'. I wouldn't bother getting hot under the collar OR stressed without details on what's actually being planned.
Logging for the sort of system I talked about originally would basically consist of -
Amazon.com initiated authentication request for user nomesque
OTP verified
Authentication-accept sent to Amazon.com
... that sort of information. It wouldn't know, let alone care, what happened afterward. That's Amazon's problem. All it would deal with is the simple, "yes, this login information is consistent".
*shrug* Is that what the US govt is talking about? Probably. Do they know it? I dunno. God knows they could be planning to watch every move you lot make. Gotta build secure jobs somehow.
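Added example, not part of the original post: a sketch of the kind of authentication server described above, which knows each user's device secret, computes the password the device should be showing right now, and logs only the decision. The post names no algorithm, so time-based OTP (RFC 6238) is assumed here; the secret is the RFC's published test key, and the "rejected"/"reject" log wording, the function names and the one-step drift window are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample data: the per-user secret shared with the user's device.
# This value is the RFC 6238 test key, not a real credential.
DEVICE_SECRETS = {"nomesque": b"12345678901234567890"}
STEP = 30    # seconds each password stays on the device display
DIGITS = 8


def totp(secret: bytes, unix_time: int) -> str:
    """Password the device shows at unix_time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def authenticate(site: str, user: str, otp: str, now: int, log: list) -> bool:
    """Answer one request from a relying site; log only the decision."""
    log.append(f"{site} initiated authentication request for user {user}")
    secret = DEVICE_SECRETS.get(user)
    # Accept the previous, current and next time step to absorb clock drift.
    ok = secret is not None and any(
        hmac.compare_digest(totp(secret, now + d * STEP).encode(), otp.encode())
        for d in (-1, 0, 1)
    )
    log.append("OTP verified" if ok else "OTP rejected")
    log.append(f"Authentication-{'accept' if ok else 'reject'} sent to {site}")
    return ok


if __name__ == "__main__":
    events = []
    authenticate("Amazon.com", "nomesque", "94287082", 59, events)
    print("\n".join(events))
```

A production verifier would also remember the last accepted time step per user, so a password cannot be replayed while its window is still open.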