AD and enforced password policies

Måns Nilsson mansaxel at besserwisser.org
Tue Jan 3 07:43:55 CST 2012


Subject: Re: AD and enforced password policies
Date: Tue, Jan 03, 2012 at 05:31:12AM -0800
Quoting Michael Thomas (mike at mtcc.com):
 
> For most need-to-join sites, I think this is a pretty reasonable solution. Maybe
> not for, oh say, financial sites where password recovery is a little bit scarier,
> but for the run of the mill app/site... it seems that this solution at least
> solves the domino problem.

There is indeed a difference between Europe (or is it only .SE?) and
USA here; no bank in Sweden lets you log in without at least a client
certificate and password/PIN code. Most banks have a hardware token,
either challenge-response or HOTP/TOTP; some use the chip in chip-and-PIN
cards as certificate carrier, and combine it with a reader device to
manage PIN code entry.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Hello?  Enema Bondage?  I'm calling because I want to be happy, I guess ...