Password for my password
Nov 27
I just read an article in CNET, by Jonathan Eunice, Character limitations in passwords considered harmful. And immediately after reading the story I thought to myself, Jonathan (may I call you Jonathan), we have the answer to your troubles. It’s called VeriSign Identity Protection (VIP) Authentication Service and it’s precisely what you need to address your goal to have strong authentication for your “4,000 web services.”
Jonathan’s article described the issue of how various websites will frequently restrict your ability to create ‘stronger’ passwords that use symbols (i.e. !@#$%^&), and thus relegate the user to simple (and easy to steal) phrase or nickname passwords. So he is thwarted from his attempt to use a password like “Ga9i)t|Z” by the fact that the website in question, is not allowing the use of these special character passwords. And he’s forced to use “easy-to-remember, easy-to-hack passwords.” Not an ideal solution.
So here’s where VIP comes in. VIP is an easy to implement two-factor authentication service that employs an open standards-based one-time password credential that strengthens your existing userid and password. The VIP Authentication Service provides a cloud-based second-factor authentication, integrated to your favorite web service via Web Services-based API. The VIP credential is available as a small hardware token or can reside as a client application on your mobile phone (always available, regardless of wireless network coverage). This VIP credential generates a 6-digit code (which changes every 30-seconds). The credential is registered with a relying party web service – and every time you initiate a login session to your web service, in addition to entering your easy to remember userid and password, you also enter the 6-digit code from your credential as a “second” password.
Now Jonathan has essentially a password for his password. And better yet, that password for his password is uniquely generated (based on OATH standards) and constantly changing, every 30-seconds. Someone would have to physically steal Jonathan’s mobile phone or VIP token IN ADDITION to stealing his userid and password to hack into his favorite websites. Jonathan can combine something he knows (userid & password) with something he has (VIP credential) to add strong password protection. Now he can login, safely and securely.
So Jonathan, feel free to use “goofdog” as your password – just be sure to add VIP Authentication and you’re good to go.
Posted by Han Dong on December 3, 2009 3:55 PM | Permalink
Post a comment (If you haven’t left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won’t appear on the entry. Thanks for waiting.)
View the original article here
Posts Related to Password for my password
Layered Security Strategy, the Key to Trust
Online Identity and Trust: Layered Security Strategy, the Key to Trust Online Identity and Trust « Password for my password | Main | Cloud computing ...
I know this really is truly dull and you are skipping to another remark, however I simply wanted to toss a big many thanks — you cleared up some things for me!
For those that haven’t been on this field long enough – I do know that the internet isn’t the most reliable resource for informations. but for sure I can say how the author is correct, however weird it might look
For those that haven’t been on this field enough – I do know that the internet isn’t the most trustworthy source for information. but with certanty I can say the author is right, however weird it might look
Hey, i think you visited my website so here i am!.I am looking for ways to add things to my blog!Is it ok if i use some of the things i saw here?!
When i visit a blog, chances are that I see that the construction is poor and the writting bad.On the other hand,I could honestly say that you writting is decent and your website solid.
I am pressing forward even though it hurts, thanks for the nudge. I Love that you love me enough to nudge me to press forward, because, you know the power within me, I know that you love everyone the same, as Christ loves us enough to carry us when we are weak. You are Loved Marshall, Thanks for following Christ’s example. The true meaning of being Christlike in your actions.
You are a very smart individual!
Thanks pal. Awesome article you have here. Have some extra sites to point to with more info?
You are not the average blog writer, man. You definitely have something powerful to contribute to the web. Such a wonderful blog. I’ll return for more.
Howdy, an astonishing info dude. Thanks But I’m experiencing issue with your rss . Don’t know why Fail to subscribe. Does anyone else having identical RSS issue? Anyone who can assist please respond. TQ
A splendid blogpost, I just passed this onto a friend who was doing a little research on that. And he in fact bought me dinner because I found it for him.
.. So let me rephrase that: Thnx for the treat! But yeah Thnx for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is highly helpful for me. Big thumb up for this article!
It’s unusual for me to find something on the net that’s as entertaining and fascinating as what you have got here. Your page is lovely, your graphics are great, and what’s more, you use source that are relevant to what you’re talking about. You are certainly one in a million, great job!
Is there anymore information you can give on this subject. It answers a lot of my questions but there is still more info I need. I will drop you an email if I can find it. Never mind I will just use the contact form. Hopefully you can help me further.