assurance - Re: [Assurance] silver and two-factor ...
Subject: Assurance
List archive
- From: "Frazier, William S [ITSYS]" <>
- To: "" <>
- Subject: Re: [Assurance] silver and two-factor ...
- Date: Tue, 13 Mar 2012 18:03:09 +0000
- Accept-language: en-US
Perhaps the two-factor and silver interests are not always related except
by coincidence. Silver assurance is needed because an affiliation
requires it. At the same time, multi-factor is needed because auditors
are pushing for it.
Bill
------------------------------------------------------------------
Bill Frazier
Unix OS, Apps, Evolving Technologies Lead voice: (515) 294-8620
Iowa State University fax: (515) 294-1717
Information Technology Services, 251 Durham, Ames, Iowa 50011-2251
On 3/13/12 12:48 PM, "Jones, Mark B"
<>
wrote:
>By adopting the Silver assurance level my assumption is that password
>based authentication, despite any flaws, is deemed good enough for the
>applications/services leveraging it.
>
>Perhaps the interest in two-factor is actually an indication of the need
>for Gold assurance?
>
>-----Original Message-----
>From:
>
>[mailto:]
> On Behalf Of Caskey, Paul
>Sent: Tuesday, March 13, 2012 11:55 AM
>To:
>
>Subject: RE: [Assurance] silver and two-factor ...
>
>IMHO, and as someone said on a list a week or two ago, there is no such
>thing as a strong password when all an attacker has to do is ask a user
>for their password and, all too often, get it. So, for us, that's why
>we are looking at 2 factor.
>
>That said, I'm sure someone is already working on a new crafty spam mail
>"Please mail me your 2nd factor token and PIN and I will then wire you
>$10 million from this Nigerian prince...". :)
>
>
>
>
>> -----Original Message-----
>> From:
>>
>> [
>> ]
>> On Behalf Of Steven Carmody
>> Sent: Tuesday, March 13, 2012 11:48 AM
>> To:
>>
>> Subject: [Assurance] silver and two-factor ...
>>
>> I'm wondering why so many sites that are interested in Silver are so
>> interested in two-factor....
>>
>> I haven't looked at the Silver profile in a long time. But, my memory
>>is that
>> strong passwords, stored sufficiently securely, and not replicated into
>> uncontrolled environments (eg google), would pass muster with Silver.
>>I'm
>> assuming, of course, that the other Silver criteria (eg around identity
>> proofing, account claiming, etc) would also be met.
>>
>> I can imagine that there may be issues with those passwords passing
>>through
>> a variety of systems (eg systems that are then authenticating users
>>against a
>> central ldap, for instance). But, that's just a guess -- I would be
>>interested in
>> hearing about specific concerns that are driving sites toward
>>two-factor.
>>
>> Thanks for any light you can shine on this!
- [Assurance] silver and two-factor ..., Steven Carmody, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Caskey, Paul, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Frazier, William S [ITSYS], 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Dunker, Mary, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Christopher Bongaarts, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Farmer, Jacob, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Christopher Bongaarts, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Frazier, William S [ITSYS], 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/14/2012
- RE: [Assurance] silver and two-factor ..., David Walker, 03/14/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- Re: [Assurance] silver and two-factor ..., David Bantz, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- RE: [Assurance] silver and two-factor ..., David Walker, 03/14/2012
Archive powered by MHonArc 2.6.16.