How to Negate the Security of an Access Token
Everyone knows that writing your password on your monitor is bad security. Is it really so hard to realize that attaching your SecurID token to your computer is just as bad?
Posted on December 28, 2006 at 7:42 AM
The SecurID is relatively useless of course without the PIN or domain password. However, it's a hell of a lot easier to crack a password than to brute force a 6-digit number that changes every 60 seconds. A password/PIN can be taken offline for cracking... no such luck with the token.
Ensuring a thief gets both your laptop AND the SecurID seems foolish to me. Even taking the simple step of keeping the token in your pocket on your keyring goes a long way to ensuring you don't lose both.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.