Skip to Content.
Sympa Menu

assurance - Re: [Assurance] silver and two-factor ...

Subject: Assurance

List archive

Re: [Assurance] silver and two-factor ...


Chronological Thread 
  • From: Tom Scavo <>
  • To:
  • Subject: Re: [Assurance] silver and two-factor ...
  • Date: Thu, 15 Mar 2012 16:59:48 -0400 (EDT)



> I still need to make a case for any change that is seen
> as making access more difficult or generating more help desk calls.

I'm in exactly the same boat.

> To be fair to the
> skeptics at my institution, our help desks and other support points
> do routinely receive complaints about password complexity, password
> expiration, and vetting questions for self-service reset of
> forgotten passwords. So a clear and persuasive case has to made for
> changes that improve the level of assurance and protection from
> identity theft that are perceived - rightly or wrongly - as creating
> unnecessary barriers to services.

That's precisely why you want to look at two-factor authentication IMO. In
the presence of 2FA, you can take a fresh look at those antiquated password
policies that seemed to make sense in a password-only environment, and trim
them back so that they produce *fewer* help desk calls.

Of course that assumes you choose an appropriate 2FA technology to begin
with, since the usability gains with respect to the password factor can
easily be offset by loss of usability due to the added the second factor.
It's a balancing act, but it is doable, at least in some environments.

Tom



Archive powered by MHonArc 2.6.16.

Top of Page