AD and enforced password policies
mansaxel at besserwisser.org
Tue Jan 3 07:43:55 CST 2012
Subject: Re: AD and enforced password policies
Date: Tue, Jan 03, 2012 at 05:31:12AM -0800
Quoting Michael Thomas (mike at mtcc.com):
> For most need-to-join sites, I think this is a pretty reasonable solution. Maybe
> not for, oh say, financial sites where password recovery is a little bit scarier,
> but for the run of the mill app/site... it seems that this solution at least
> solves the domino problem.
There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you log in without at least a client
certificate and password/pin code. Most banks have a hardware token,
either challenge-response or HOTP/TOTP; some use the chip in chip-and-pin
cards as certificate carrier, and combine it with a reader device to
manage pin code entry.
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Hello? Enema Bondage? I'm calling because I want to be happy, I guess ...