[Tfug] Authentication procedures
Bexley Hall
bexley401 at yahoo.com
Thu Mar 19 10:38:58 MST 2009
Hi, Glen,
> Here's my preferred scheme, but I don't use it for email
> systems like Gmail, so it has obvious flaws in that application:
>
> I use a Secret Question & Answer, with better questions than
> "What's your birthday?". Granted, if someone knows enough about
> you, they may still be able to answer it. But that's not the end
> of it.
>
> Once you answer correctly, a temporary password is sent to your
> email account. When you log in with it, you are of course
> required to change it.
>
> This provides two layers of security, in that someone attempting
> to access your account would have to be able to answer your
> security question AND have access to your email account.
But, if your *one* account has been compromised, there is also
a good chance that the *other* is as well. E.g., imagine
having "cross-coupled" two email accounts -- each listing the
other as the "secondary email". If someone gains access to
one of them, they can use that to capture the password
mailed to *it* for your second account.
<frown>
Yes, I know this doesn't apply to all scenarios (e.g., account 1
might be a banking account while account 2 might be a "pay your
phone bill online" account, etc.).
I guess I think the only way for "secrets" to make sense is
for them to be completely independent. Otherwise, a compromise
in one can quickly lead to a compromise in many (like a wonky
~hosts.equiv).
> Obviously it's not fool proof, but then again nothing is.
> However, it does seem to address the needs of the clients I
> work with.
>
> But like I said, that wouldn't work very well for a system
> like Gmail, Yahoo Mail, etc.
I wonder if the *only* truly secure way of going at this is
with a physical credential? (which makes it *abundantly*
clear to the holder that "you lose this and you are SCREWED!")
--don
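Added example, not code from Glen's or Don's messages: a small Python model of the two-step reset flow quoted above (secret question, then a single-use temporary password mailed to the recovery address, then a forced password change) together with a fixpoint check for the "cross-coupled" recovery addresses Don objects to. The account names, answers, recovery links and the 15-minute token lifetime are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time


def _h(value: str) -> bytes:
    # Plain SHA-256 keeps the toy short; a real system salts and stretches.
    return hashlib.sha256(value.encode()).digest()


class Account:
    def __init__(self, name, password, secret_answer, recovery_email):
        self.name = name
        self.password_hash = _h(password)
        self.answer_hash = _h(secret_answer.strip().lower())
        self.recovery_email = recovery_email  # name of another Account, or None
        self.inbox = []                       # (account, temporary password) mail
        self.pending = None                   # (token_hash, expires_at) or None
        self.must_change_password = False


class Directory:
    TOKEN_LIFETIME = 15 * 60  # seconds the mailed password stays valid (assumed)

    def __init__(self):
        self.accounts = {}

    def add(self, acct):
        self.accounts[acct.name] = acct

    def request_reset(self, name, answer, now=None):
        """Step 1 of the quoted scheme: answer the secret question; on success
        a single-use temporary password is mailed to the recovery address."""
        acct = self.accounts[name]
        if not hmac.compare_digest(acct.answer_hash, _h(answer.strip().lower())):
            return False
        dest = self.accounts.get(acct.recovery_email)
        if dest is None:
            return False  # no recovery mailbox known to this toy directory
        now = time.time() if now is None else now
        temp = secrets.token_urlsafe(12)
        acct.pending = (_h(temp), now + self.TOKEN_LIFETIME)
        dest.inbox.append((name, temp))
        return True

    def login_with_temp(self, name, temp, now=None):
        """Step 2: log in with the mailed password. It is consumed on success
        and the account is flagged so a new password must be chosen."""
        acct = self.accounts[name]
        if acct.pending is None:
            return False
        now = time.time() if now is None else now
        token_hash, expires = acct.pending
        if now > expires:
            acct.pending = None  # expired tokens are discarded
            return False
        if not hmac.compare_digest(token_hash, _h(temp)):
            return False
        acct.pending = None  # single use
        acct.must_change_password = True
        return True

    def reachable_from(self, controlled_mailboxes, answerable=None):
        """Don's objection as a fixpoint: an attacker who reads mailbox M can
        reset every account that recovers to M (if its question is answerable),
        and then reads *that* mailbox too. Default: every question answerable."""
        owned = set(controlled_mailboxes)
        answerable = set(self.accounts) if answerable is None else set(answerable)
        changed = True
        while changed:
            changed = False
            for acct in self.accounts.values():
                if (acct.name not in owned and acct.name in answerable
                        and acct.recovery_email in owned):
                    owned.add(acct.name)
                    changed = True
        return sorted(owned)

    def recovery_cycles(self):
        """Find cross-coupled recovery addresses (a pair, or a longer ring)."""
        cycles = set()
        for start in self.accounts:
            seen = [start]
            cur = self.accounts[start].recovery_email
            while cur in self.accounts and cur not in seen:
                seen.append(cur)
                cur = self.accounts[cur].recovery_email
            if cur == start:
                cycles.add(frozenset(seen))
        return cycles


def build_demo():
    """Constructed sample data: two cross-coupled mailboxes, a phone-bill
    account recovering to one of them, and a bank account whose recovery
    address is an independent mailbox with no recovery address of its own."""
    d = Directory()
    d.add(Account("mail1", "pw1", "Rover", recovery_email="mail2"))
    d.add(Account("mail2", "pw2", "Main St", recovery_email="mail1"))
    d.add(Account("phonebill", "pw3", "Smith", recovery_email="mail1"))
    d.add(Account("independent", "pw4", "blue", recovery_email=None))
    d.add(Account("bank", "pw5", "green", recovery_email="independent"))
    return d


if __name__ == "__main__":
    d = build_demo()
    print("cycles:", [sorted(c) for c in d.recovery_cycles()])
    print("owned after compromising mail2:", d.reachable_from({"mail2"}))
```

Running it shows the point of the thread: taking over mail2 alone yields mail1 and then phonebill through the recovery chain, while bank stays out of reach because its recovery mailbox has no recovery link back into the rest of the set. The `answerable` argument is where Glen's "better questions" help: every account whose question the attacker cannot answer is dropped from the closure.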