[AusNOG] Authentication Tokens [SEC=UNCLASSIFIED]

Kayne Naughton Kayne.Naughton at acma.gov.au
Thu Jun 18 09:43:30 EST 2009


I know people who regularly carry 3+ tokens on their keys (savings
account, visa debit account, work Citrix login etc.) - Branding would be
worth it not to have somebody hammering your helpdesk every time they
get their small grey Suncorp fob confused with their medium black work
VPN fob. It also helps with brand identity and all that marketing jazz I
dare say.

Give me a single device I can put all of my token seeds into and I'll be
happy... it should be my phone. All we need now is to get the seeds
distributed to consumers and a standard interface authenticating and
putting codes into it. Blizzard offer an iPhone authenticator app for
World of Warcraft as they kept selling out of token generators too
quickly - it's a good solution for helping against key logging but
unfortunately users are going to remain the weak point in any security
system for a long time to come I think.

Regards,
Kayne

-----Original Message-----
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Curtis Bayne
Sent: Thursday, 18 June 2009 8:52 AM
To: ausnog at ausnog.net
Subject: Re: [AusNOG] Authentication Tokens


Considering that tokens are (at least in our case) usually on the same
retractable keychain as our datacentre swipe cards and photo identity
cards I don't really see how it adds any extra security.

Then again, seeing my logo on anything with a screen or blinking lights
pretty much grabs me hook, line and sinker. I'm a sucker for
merchandise.

Curtis


Managing Director
SONET Telecommunications


via SONET Mobile Messaging

On 18/06/2009, at 7:23 AM, "Aaron Weller // Crucial Paradigm"
<aaron at crucialp.com  > wrote:

> I would have thought the same thing, but I was surprised to find out 
> when our bank sent us one of these tokens it was branded by them!  I 
> think it defeats half the purpose of having one!
>
> Regards,
> Aaron
>
> Tony wrote:
>> --- On Wed, 17/6/09, Daniel O'Connor <doconnor at gsoft.com.au> wrote:
>>
>>
>>> I've seen these..
>>> http://www.yubico.com/products/yubikey/
>>>
>>>
>>
>>> From that website:
>>
>> "Brandable - Your company's distinctive YubiKey can be branded with 
>> your corporate profile or logo."
>>
>> Is it just me, or is that a bit in the opposite direction that you 
>> should be taking for secure tokens ? Surely advertising the corporate

>> network that the token could be used to break into if stolen isn't 
>> the best idea...
>>
>>
>> regards,
>> Tony.
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

If you have received this email in error, please notify the sender immediately and erase all copies of the email and any attachments to it. The information contained in this email and any attachments may be private, confidential and legally privileged or the subject of copyright. If you are not the addressee it may be illegal to review, disclose, use, forward, or distribute this email and/or its contents.
 
Unless otherwise specified, the information in the email and any attachments is intended as a guide only and should not be relied upon as legal or technical advice or regarded as a substitute for legal or technical advice in individual cases. Opinions contained in this email or any of its attachments do not necessarily reflect the opinions of ACMA.



More information about the AusNOG mailing list