How to fight password sharing???

Hi everybody!
I need a piece of advice.
I would like to edit an on line magazine on my website. I asked many people
and many would be very interested in such a magazine! This magazine will not
be released on paper.
I would like people to pay for a 48 issues/year subscription (maybe also a 6
months subscription -24 issues-), but I would give also the chance to pay
just a very small sum to read only this week issue, if they prefer.
I will ask each reader to fill a form with password and userid, but what if
they share their password?
Does anyone know what else can I do?

Kimmy

kimmy

"kimmy" <> wrote in message news:<bo80dj$rbd$>...
> I will ask each reader to fill a form with password and userid, but what if
> they share their password?

I think the question is what are you trying to protect? Are you
concerned that more than one person will access an issue with the same
user ID and password? Do you think you will incur a substantial loss
if users share access?

There are many ways to control access, such as a usage policy with
monetary loss for violations, IP address restrictions, logout
requirements, web page exit detection, access count limit (access the
issue only X times), cookies, and so on.

Or you can accept that more than zero users will share their account
information just like they would share a printed magazine.

n1pop@hotmail.com

<> wrote in message
>
> I think the question is what are you trying to protect? Are you
> concerned that more than one person will access an issue with the same
> user ID and password? Do you think you will incur a substantial loss
> if users share access?
>
> There are many ways to control access, such as a usage policy with
> monetary loss for violations, IP address restrictions, logout
> requirements, web page exit detection, access count limit (access the
> issue only X times), cookies, and so on.
>

I heard of a new software using cellphone as a password to validate the
identity of the user!It's new and quite dramatic!!!
I don't remember the name, there something like saints or saint in it...,
but try a search with google (for example: cellphone+validation).

Ciumpinet

ciumpinet

"ciumpinet" <> wrote in news:boajo9$arf$1
@newsread.albacom.net:

<snip>
>>
>
> I heard of a new software using cellphone as a password to validate the
> identity of the user!It's new and quite dramatic!!!
> I don't remember the name, there something like saints or saint in it...,
> but try a search with google (for example: cellphone+validation).
>
> Ciumpinet
>
>

they announced it in alt.comp.freeware a week ago, for 50 users its free
more users requires a fee for their server use.

site is a bit basic but the idea seems OK.

http://www.saintlogin.com/index1024.php looks quite good, not tried it.

sam

--
Please take out --stuff-- to reply
So much rubbish, make it go away.

Sam Witch

"Sam Witch" <s.witch--stuff--@gawab.com> ha scritto nel messaggio
news:Xns942A7CF941FC7switchgawabcom@130.133.1.4...
> "ciumpinet" <> wrote in news:boajo9$arf$1
> @newsread.albacom.net:
>
> <snip>
> >>
> >
> > I heard of a new software using cellphone as a password to validate the
> > identity of the user!It's new and quite dramatic!!!
> > I don't remember the name, there something like saints or saint in
it...,
> > but try a search with google (for example: cellphone+validation).
> >
> > Ciumpinet
> >
> >
>
> they announced it in alt.comp.freeware a week ago, for 50 users its free
> more users requires a fee for their server use.
>
> site is a bit basic but the idea seems OK.
>
> http://www.saintlogin.com/index1024.php looks quite good, not tried it.
>
> sam
>

Thank you Sam, I'm going to take a look and try it. Never throw another
chance away!

Kimmy

kimmy

"Sam Witch" wrote:

> > they announced it in alt.comp.freeware a week ago, for 50 users its free
> > more users requires a fee for their server use.
> >
> > site is a bit basic but the idea seems OK.
> >
> > http://www.saintlogin.com/index1024.php looks quite good, not tried it.
> >
> > sam
> >
>
> Thank you Sam, I'm going to take a look and try it. Never throw another
> chance away!
>
> Kimmy
>
>
I tested it!
It's dramatic!
You need to send an sms first (to sign in), then you need to dial a phone
number on your cellphone.
After just one phone ringing the system hangs up (it's free too, then!).
And on my screen appeared: WELCOME KIMMY!!!

Can you believe it? It can recognize you!
I'm going to find out more about this stuff!

Kimmy

kimmy

"ciumpinet" <> wrote in message news:<boajo9$arf$>...
>
> I heard of a new software using cellphone as a password to validate the
> identity of the user!It's new and quite dramatic!!!
> I don't remember the name, there something like saints or saint in it...,
> but try a search with google (for example: cellphone+validation).

Saintlogin.

Interesting solution. Personally, I wouldn't use it as a primary or
solitary means of authentication.

It requires the subscriber to have a cellphone, which can discriminate
against those without. It also requires that the phone be uniquely
identifiable, which is relatively new technology and not available for
those using an analog service (my dual service phone can't reach a
digital repeater from my home in the deep country).

It requires the subscriber to make an outgoing call. Even though the
system says it will hang up after the first ring, many service
providers charge from SEND to END plus a few seconds. For me, that
means I must pay for a minute's usage to make one ring.

It seems to require the user to send and/or receive an SMS message
(text message). Not everyone has text messaging enabled, and many pay
a per-message fee.

There is no apparent provision for those who replace their phone.
Since the service seems to identify the phone and not the caller,
changing phones will cause problems authenticating.

But from the point of view of authenticating employees to a company
intranet, this has potential.

n1pop@hotmail.com

On 5 Nov 2003 07:35:27 -0800, wrote:

>"ciumpinet" <> wrote in message news:<boajo9$arf$>...
>>
>> I heard of a new software using cellphone as a password to validate the
>> identity of the user!It's new and quite dramatic!!!
>> I don't remember the name, there something like saints or saint in it...,
>> but try a search with google (for example: cellphone+validation).
>
>Saintlogin.
>
>Interesting solution. Personally, I wouldn't use it as a primary or
>solitary means of authentication.
>
>It requires the subscriber to have a cellphone, which can discriminate
>against those without. It also requires that the phone be uniquely
>identifiable, which is relatively new technology and not available for
>those using an analog service (my dual service phone can't reach a
>digital repeater from my home in the deep country).
>
>It requires the subscriber to make an outgoing call. Even though the
>system says it will hang up after the first ring, many service
>providers charge from SEND to END plus a few seconds. For me, that
>means I must pay for a minute's usage to make one ring.
>
>It seems to require the user to send and/or receive an SMS message
>(text message). Not everyone has text messaging enabled, and many pay
>a per-message fee.
>
>There is no apparent provision for those who replace their phone.
>Since the service seems to identify the phone and not the caller,
>changing phones will cause problems authenticating.
>
>But from the point of view of authenticating employees to a company
>intranet, this has potential.

I'd use smartcards, however if I had developed a system like that
I might plant some inquiries in a security group to try and whip up
interest in the idea.
--
Jim Watt http://www.gibnet.com

Jim Watt

Jim Watt <_way> wrote in
news::

> I'd use smartcards, however if I had developed a system like that
> I might plant some inquiries in a security group to try and whip up
> interest in the idea.

We use tokens to generate dynamic passwords. Works pretty well, and the
user only needs to remember a PIN to use the token. It also lets us
control client access to the system and is quite the revenue op.

n1pop@hotmail.com

On 6 Nov 2003 05:14:53 GMT, "" <>
wrote:

>Jim Watt <_way> wrote in
>news: :
>
>> I'd use smartcards, however if I had developed a system like that
>> I might plant some inquiries in a security group to try and whip up
>> interest in the idea.
>
>We use tokens to generate dynamic passwords. Works pretty well, and the
>user only needs to remember a PIN to use the token. It also lets us
>control client access to the system and is quite the revenue op.

I think that the floppy disk space will give way to a smartcard reader
as a standard item on PC's, already I'm getting intelligent credit
cards turning up.
--
Jim Watt http://www.gibnet.com

Jim Watt