I found a really awesome article on passwords. I was pleased to read that complex passwords are not as practical as their ubiquitousness would lead us to believe. Pass phrases are much better. I was even happier to see a suggestion that just makes perfect sense. If you work for a company that uses 2 factor authentication to access your work email from outside the company for example, you probably have one of those RSA password fobs that offers you a temporary password to use when you log in.
This technology can be integrated into every website that requires a login and the fob can be replaced by your cell phone. A user enters their login name at a given site, and in a few seconds their phone beeps with a text message containing a temporary password. The beauty of this is that every password you use is only good for one session, so even if someone does happen to see you type it in, they couldn't use it if they tried.
It also makes losing your phone a reportable incident.
No comments:
Post a Comment