[aklug] Re: Biggest weakness of passwords

Biometric activated encrypted rfid card (IN your person or pocket)body = obscurity) with OTP (pull biopasswd algorithms into it) only being allowed after voice/eye recognition. This sits under a time tested MAC labeled physical/IS security policy. Dash of physical security barriers - guards, funk hallways, personal weapons, overall architecture and what not...Think Pentagon. At this point I think the use of the password is acceptable no matter the asset.

God this could get silly :)
--eddie

> Date: Tue, 9 Jun 2009 11:00:16 -0800
> From: choward@indicium.us
> To: psksb1@uaa.alaska.edu
> CC: aklug@aklug.org
> Subject: [aklug] Re: Biggest weakness of passwords
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kevin Browning wrote:
> >
> >
> > What about a chip injected into your skin? So then when you sit at your computer you have a chip scanner that will scan the chip in your skin and authenticate. Or you could go to a tattoo place and get a bare code tattooed to your arm, but this would be visible. There is never a password typed and the only way someone can login is to force you to scan the chip in your arm. In that case you will need to consider physical security. In Alaska we take care of that with a side arm.
> >
> > Kevin
> >
>
> Not too bad of an idea. The chip could utilize some kind of
> private/public key system, so authentication could occur in a wireless
> manner without compromising security.
>
> Physical security is, as you say, an issue, as someone could simply take
> your living/sleeping/dead body to the terminal and gain access. But that
> is harder to pull off, I would imagine, than for someone to simply get a
> camera recording of you typing in your password.
>
> However, the moment I see a government-issued version of the chip, I'm
> going to get out my 41 revolver and go hide in my bunker.
>
> Also, as regarding the firearms: I work at UAF, where unfortunately I
> can't bring a potato gun on campus without becoming an enemy of the
> state. But as long I was only attacked at home I supposed I'd be okay. >:(
>
> - --
> Christopher Howard
> http://indicium.us
> http://theologia.indicium.us
>
> I digitally sign /all/ of my e-mails via PGP. If you receive any e-mail
> from me without my valid PGP signature, please take additional steps to
> verify the authenticity of the message.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkousUAACgkQQ5FLNdi0BcXPXgCdFhB2ifwQzf7tv46pC1LhFfV6
> WQ8An2G38jAGFCc9Nd/C1VGZHVUjKSv6
> =Ua03
> -----END PGP SIGNATURE-----
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

_________________________________________________________________
Windows Live™ SkyDrive™: Get 25 GB of free online storage.
http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_SD_25GB_062009
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Jun 9 11:30:29 2009