From: Martin Minow <minow@apple.com>
Date: Sat, 10 Aug 1996 08:16:09 +0800
To: pjb@ny.ubs.com (Paul J. Bell)
Subject: Re: SecurID
In-Reply-To: <9608091601.AA02324@sherry.ny.ubs.com>
Message-ID: <v03007803ae3165aaac72@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


I've been using SecureID for the better part of a year now and am
quite pleased with the way it works.  Here are the negatives,
though they are not very interesting:

-- There is a false rejection rate of around 2-5% (failure to login
   with my presumably valid SecureID card). This includes modem
   bobbles and database crashes. It generally is self-correcting.
-- Dialup access only. This would prevent me to access my mail server
   (which is inside the firewall) from telnet.
-- Interactive access only; I can't program my home machine to dial
   in at 5:00 AM to read mail without intervention.
-- We have a mixture of direct and 800 number dialups -- this presumably
   protects against problems unique to a single server.

In my case, SecureID is integrated into ARA (Apple Remote Access).
Client installation was trivial. I don't know what, if any, link-encryption
is incorporated.

The user overhead is about 30 seconds per dialup.

Martin Minow
minow@apple.com


>someone at my firm is about to press the securid system down our collective
>throats. please point me to the recent thread on this subject, and/or point
>me to some url's or the like, or to someone who has some firsthand knowledge
>of the pitfalls and/or vulnerbilities of secirid.
>
>cheers,
>	-paul
>