[c-nsp] cisco.com password management

Daniel Roesen dr at cluenet.de
Mon Jan 12 10:11:01 EST 2009


On Mon, Jan 12, 2009 at 03:56:51PM +0100, Peter Rathlev wrote:
> This is obviously bollocks. Security questions _DO_ replace my user ID
> and password if they can be used to get access to an account.

Indeed. Those "security questions" definitely LOWER the security on
accounts, as a) I won't provide CSCO with any challenge+response only
_I_ would know, and b) if I don't, others know as well, so it's in fact
sharing passwords.

The only way out is to trick those systems by crafting the questions
in a secure way, where challenge+response effectively equals passwords
again.

Sigh.

Best regards,
Daniel

-- 
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0

