1993-11-18 - Re: Duress Passwords/PINs/Combinations

Header Data

From: David Kovar <kovar@nda.com>
To: baldwin@LAT.COM (Bob Baldwin)
Message Hash: dd1ede8002e7348ac6d0d25822d348cf4f75f363911b241b9bbbbe2df98b7394
Message ID: <199311182240.RAA04041@nda.nda.com>
Reply To: <9311182123.AA14221@LAT.COM>
UTC Datetime: 1993-11-18 22:41:38 UTC
Raw Date: Thu, 18 Nov 93 14:41:38 PST

Raw message

From: David Kovar <kovar@nda.com>
Date: Thu, 18 Nov 93 14:41:38 PST
To: baldwin@LAT.COM (Bob Baldwin)
Subject: Re: Duress Passwords/PINs/Combinations
In-Reply-To: <9311182123.AA14221@LAT.COM>
Message-ID: <199311182240.RAA04041@nda.nda.com>
MIME-Version: 1.0
Content-Type: text/plain


> 	Having a separate authentication mechanism that is used
> under duress is a very good idea that some existing systems already
> employ.  I'll pass along the ones I have had contact with.  From a
> systems point of view, it is hard to figure out exactly how the system
> should respond when it recognizes a duress authentication.  There are
> competing interests as I'll explain after some examples.

The SecurID system has a duress PIN built into it as well. Using
that PIN, you're still authenticated, but the server software knows
that you entered it under duress and does the "appropriate" thing.

-David
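
The behaviour described in this message (a duress PIN that still authenticates while the server records the duress), as an added sketch that is not part of the original post and is not any vendor's implementation. The names `enroll`, `verify`, `login`, the PBKDF2 storage and the alert list are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 50_000  # constructed work factor for the sketch


def _kdf(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


@dataclass
class PinRecord:
    salt: bytes
    normal: bytes   # derived from the everyday PIN
    duress: bytes   # derived from the duress PIN


@dataclass
class AuthResult:
    authenticated: bool
    duress: bool


def enroll(normal_pin: str, duress_pin: str) -> PinRecord:
    if normal_pin == duress_pin:
        raise ValueError("duress PIN must differ from the normal PIN")
    salt = os.urandom(16)
    return PinRecord(salt, _kdf(normal_pin, salt), _kdf(duress_pin, salt))


def verify(record: PinRecord, pin: str) -> AuthResult:
    candidate = _kdf(pin, record.salt)
    # Always run both constant-time comparisons so timing does not
    # reveal which of the two PINs (if either) matched.
    is_normal = hmac.compare_digest(candidate, record.normal)
    is_duress = hmac.compare_digest(candidate, record.duress)
    return AuthResult(is_normal or is_duress, is_duress)


def login(record: PinRecord, pin: str, alerts: list) -> str:
    result = verify(record, pin)
    if result.duress:
        # Server-side only: the reply to the client is unchanged.
        alerts.append("duress PIN used")
    return "OK" if result.authenticated else "DENIED"
```
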
