Alternative Login Methods/Security Devices/Smart Cards



Joshua
07-09-2005, 11:53 PM
Hi

I'm wondering if anyone out there has any experience with this. I have a
complex password scheme applied to my domain and I have a user who has issues
remembering complex passwords. This user is important enough that I find an
alternate solution without removing my password policy.

Has anyone had any experience with this, or any suggestions on what route to
go?
Thanks in advance!

Steven L Umbach
07-09-2005, 11:53 PM
A smart card could work but instead I suggest you train this user. For
instance get users to think pass phrases instead of passwords. the
passphrase - I forget my stupid password! is a very strong password [28
characters] that meets complexity requirements. Tell him to start passphrase
with capital letter and end with ! or such and leave spaces in it if that
helps the user. In my opinion writing down a complex password is not always
a sin as long as it is secured to some degree and not taped to the monitor
or on sticky note inside the top drawer or under the keyboard. I guarantee
that you have other users writing down their passwords somewhere and/or
using something easy to remember like Password1 [I don't suggest that
password however]. --- Steve


"Joshua" <Joshua@discussions.microsoft.com> wrote in message
news:0F1446A7-569B-480B-A6B4-82310BB22397@microsoft.com...
> Hi
>
> I'm wondering if anyone out there has any experience with this. I have a
> complex password scheme applied to my domain and I have a user who has
> issues
> remembering complex passwords. This user is important enough that I find
> an
> alternate solution without removing my password policy.
>
> Has anyone had any experience with this, or any suggestions on what route
> to
> go?
> Thanks in advance!

John
07-09-2005, 11:54 PM
Joshua wrote:
> Hi
>
> I'm wondering if anyone out there has any experience with this. I have a
> complex password scheme applied to my domain and I have a user who has issues
> remembering complex passwords. This user is important enough that I find an
> alternate solution without removing my password policy.
>
> Has anyone had any experience with this, or any suggestions on what route to
> go?
> Thanks in advance!


Hi Joshua,

why should someone become a "strong password specialist" when all he
wants is to do his job? Yes, a Smart Card (or USB Token) can be very
helpful here. If you want to make it even easier, you could throw in
some biometrics. Then all he has to remember is to bring whatever
bodypart is necessary.

Also Single Sign On (SSO) applications can use the card/token to store
usernames/passwords on it, so all the user has to do is authenticate
himself to the card, and the card will do it to all other applications.

Best regards
John


Alternative Login Methods/Security Devices/Smart Cards