From: Martin Minow <minow@apple.com>
To: pjb@ny.ubs.com (Paul J. Bell)
Message Hash: 08c12b27be01201d7c2cbd5c7d74cc1cdbfbbaf01cb138158b4bbfe8edeb4e98
Message ID: <v03007803ae3165aaac72@[17.202.12.102]>
Reply To: <9608091601.AA02324@sherry.ny.ubs.com>
UTC Datetime: 1996-08-10 00:16:09 UTC
Raw Date: Sat, 10 Aug 1996 08:16:09 +0800
From: Martin Minow <minow@apple.com>
Date: Sat, 10 Aug 1996 08:16:09 +0800
To: pjb@ny.ubs.com (Paul J. Bell)
Subject: Re: SecurID
In-Reply-To: <9608091601.AA02324@sherry.ny.ubs.com>
Message-ID: <v03007803ae3165aaac72@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain
I've been using SecureID for the better part of a year now and am
quite pleased with the way it works. Here are the negatives,
though they are not very interesting:
-- There is a false rejection rate of around 2-5% (failure to login
with my presumably valid SecureID card). This includes modem
bobbles and database crashes. It generally is self-correcting.
-- Dialup access only. This would prevent me to access my mail server
(which is inside the firewall) from telnet.
-- Interactive access only; I can't program my home machine to dial
in at 5:00 AM to read mail without intervention.
-- We have a mixture of direct and 800 number dialups -- this presumably
protects against problems unique to a single server.
In my case, SecureID is integrated into ARA (Apple Remote Access).
Client installation was trivial. I don't know what, if any, link-encryption
is incorporated.
The user overhead is about 30 seconds per dialup.
Martin Minow
minow@apple.com
>someone at my firm is about to press the securid system down our collective
>throats. please point me to the recent thread on this subject, and/or point
>me to some url's or the like, or to someone who has some firsthand knowledge
>of the pitfalls and/or vulnerbilities of secirid.
>
>cheers,
> -paul
>
Return to August 1996
Return to “pjb@ny.ubs.com (Paul J. Bell)”