One Time Passwords…

I’m going to keep this article from the Miami Herald, so I can forward it to anyone who complains about needing a One-Time-Password to remotely access their employer’s network. I encourage everyone to program a red flag to pop up in your head whenever anything asks you for a username/password. Ask yourself…

  1. Do I believe I can trust this physical location?
    1. Is it shared internet and/or computer access?
    2. Do I trust who had access before me?
  2. Do I believe I can trust this virtual location?
    1. Is it HTTPS with valid certificate?
    2. Did I get here from a reliable source?
  3. What would happen if these credentials were compromised?
    1. Remember, many sites will allow a password change while relying on nothing but the belief that only you know the password to your web-mail.

Of course, almost all of the long-term risk posed by these threats can be mitigated by using a one-time-password. Next time you have to use one, thank an Information Security Administrator instead of complaining to one.
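Why the long-term risk goes away, as an added example that is not part of the original post: a static password and a one-time password are both typed once on a machine that records them, then both are presented again later. The post does not name an OTP scheme; HOTP (RFC 4226) is assumed here, and the class names, the sample password and the look-ahead window are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class StaticLogin:
    """Username/password only: whatever was captured once keeps working."""
    def __init__(self, password: str):
        self._password = password

    def login(self, password: str) -> bool:
        return hmac.compare_digest(password, self._password)

class OtpLogin:
    """Server side of HOTP: every accepted code advances the counter."""
    def __init__(self, secret: bytes, look_ahead: int = 3):
        self._secret = secret
        self._counter = 0
        self._look_ahead = look_ahead  # tolerate a few unused token presses

    def login(self, code: str) -> bool:
        for c in range(self._counter, self._counter + self._look_ahead + 1):
            if hmac.compare_digest(code, hotp(self._secret, c)):
                self._counter = c + 1  # this code and all earlier ones are dead
                return True
        return False

def replay_demo() -> dict:
    """One login on a shared machine that records what was typed (constructed)."""
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    static, otp = StaticLogin("hunter2-constructed"), OtpLogin(secret)
    typed_password, typed_code = "hunter2-constructed", hotp(secret, 0)
    first = (static.login(typed_password), otp.login(typed_code))
    # Later, the recorded values are presented again.
    replay = (static.login(typed_password), otp.login(typed_code))
    return {"first": first, "replay": replay}

if __name__ == "__main__":
    print(replay_demo())
```

The recorded static password still authenticates on replay, while the recorded one-time code is rejected because the server's counter has already moved past it.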
