Am 29.12.2011 15:24, schrieb m.roth@xxxxxxxxx: > Reindl Harald wrote: >> Am 29.12.2011 14:21, schrieb Marko Vojinovic: >>>> so explain me why discuss to use or not to use the best >>>> currently availbale method in context of security? >>> >>> Using the ssh key can be problematic because it is too long and too >>> random to be memorized --- you have to carry it on a usb stick (or >>> whereever). This provides an additional point of failure should your >>> stick get lost or stolen. >>> Human brain is still by far the most secure information-storage device. >>> :-) >> >> this is bullshit >> most people have their ssh-key on a usb-stick >> >> normally a ssh-key is protected by a password >> this can be your 12-char password > <snip> > Many US companies have gone past that. > > A number that I've worked for, and > the one I work for, all have used RSA keyfobs. To open the VPN link, you > need three pieces of information: userid, PIN (which is up to 8 chars min) > and the six digit code from the fob. > > The US gov't has gone a different way: it issues CaC or PIV-II cards, and > you need a) a card reader attached or builtin to your system, b) the card, > and c) your PIN (8 digits). > > In both cases, once you've got your VPN, *then* it will frequently be > asking for username & passwords for each different kind of access. why do you not tell this the idiot who is argumentating against kyes and thinks using password-login is smart?
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
