Improved Security - AOL/RSA Security Device

I figure this is more of a general-interest topic :slight_smile:

Subscribers get a matchbook-size device from RSA Security Inc. displaying a six-digit code that changes every minute. The code is necessary to log on, so a scammer who guesses or steals a password cannot access the account without the device in hand.
(http://www.msnbc.msn.com/id/6062511/)
That is actually pretty clever.

:ro:

Yeh, but how annoying would it be to have to have the code box with you all the time? What if you lost it?

Your average Joe Bloggs can’t even remember his original password, let alone where he put that little bloody box thing they sent him :slight_smile:

It’s an added fee, so it’s only for people who really want it… they’ll find a way.

A lot of us carry around keys, wallets, and RFID door cards - something like this wouldn’t be too much more of a hassle.

It finally gets into the theory of good security. The best authentication schemes use three factors:

  1. Something you are (fingerprints, retina scan, something that can’t be stolen)
  2. Something you have (random one-time key generators, like above, or magnetic keys), and
  3. Something you know (traditional passwords, to prove that you really are alive and functional, not just a partial finger).

Now, all AOL has to do is integrate biometrics, and they’ll be in really good shape.

Most bigger companies use them (General Electric) for access on almost everything that requires permission.