[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to fix authentication (was LinkedIn)

Subject: How to fix authentication (was LinkedIn)
From: morrowc.lists at gmail.com (Christopher Morrow)
Date: Thu, 21 Jun 2012 22:53:18 -0400
In-reply-to: <m2vcik6oz4.wl%[email protected]>
References: <[email protected]> <[email protected]> <CAEE+rGoshUGqni7ZOgFoaLSROk5DCUQwGFo9iu-AoyHSBnzDeQ@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <m2vcik6oz4.wl%[email protected]>

On Thu, Jun 21, 2012 at 10:48 PM, Randy Bush <randy at psg.com> wrote:
>> That's basically the Yubikey. It uses a shared key, but since you're
>> relying on a trusted third party anyway
>
> there are no trustable third parties

note that yubico has models of auth that include:
  1) using a third party
  2) making your own party
  3) HOTP on token
  4) NFC

they are a good company, trying to do the right thing(s)... They also
don't necessarily want you to be stuck in the 'get your answer from
another'

-chris

Follow-Ups:
- How to fix authentication (was LinkedIn)
  - From: nanog at armoredpackets.com (AP NANOG)

References:
- LinkedIn password database compromised
  - From: bicknell at ufp.org (Leo Bicknell)
- How to fix authentication (was LinkedIn)
  - From: jra at baylink.com (Jay Ashworth)
- How to fix authentication (was LinkedIn)
  - From: aaron at heyaaron.com (Aaron C. de Bruyn)
- How to fix authentication (was LinkedIn)
  - From: a.harrowell at gmail.com (Alexander Harrowell)
- How to fix authentication (was LinkedIn)
  - From: nanog at armoredpackets.com (AP NANOG)
- How to fix authentication (was LinkedIn)
  - From: ben at bjencks.net (Ben Jencks)
- How to fix authentication (was LinkedIn)
  - From: randy at psg.com (Randy Bush)

Prev by Date: How to fix authentication (was LinkedIn)
Next by Date: Automatic attack alert to ISPs
Previous by thread: How to fix authentication (was LinkedIn)
Next by thread: How to fix authentication (was LinkedIn)
Index(es):
- Date
- Thread