How to fight password sharing???

Discussion in 'Computer Security' started by kimmy, Nov 4, 2003.

  1. kimmy

    kimmy Guest

    Hi everybody! :)
    I need a piece of advice.
    I would like to edit an online magazine on my website. I asked many people
    and many would be very interested in such a magazine! This magazine will not
    be released on paper.
    I would like people to pay for a 48 issues/year subscription (maybe also a 6
    months subscription -24 issues-), but I would also give the chance to pay
    just a very small sum to read only this week's issue, if they prefer.
    I will ask each reader to fill in a form with password and userid, but what if
    they share their password?
    Does anyone know what else I can do?

    Kimmy
    kimmy, Nov 4, 2003
    #1

  2. kimmy

    Guest

    "kimmy" <> wrote in message news:<bo80dj$rbd$>...
    > I will ask each reader to fill a form with password and userid, but what if
    > they share their password?


    I think the question is what are you trying to protect? Are you
    concerned that more than one person will access an issue with the same
    user ID and password? Do you think you will incur a substantial loss
    if users share access?

    There are many ways to control access, such as a usage policy with
    monetary loss for violations, IP address restrictions, logout
    requirements, web page exit detection, access count limit (access the
    issue only X times), cookies, and so on.

    Or you can accept that more than zero users will share their account
    information just like they would share a printed magazine.
    , Nov 4, 2003
    #2
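
Added example, not part of the original thread: a sketch of two of the controls listed in post #2, an access count limit per issue and an IP address restriction per account. The class name, limits, account name and sample events are all hypothetical and constructed for illustration.

```python
from collections import defaultdict


class IssueAccessGuard:
    """Per-account access count limit per issue, plus a cap on the number of
    distinct IP addresses an account may use within a time window."""

    def __init__(self, max_views=3, max_ips=2, window_s=86400):
        self.max_views = max_views          # views allowed per (user, issue)
        self.max_ips = max_ips              # distinct IPs allowed per window
        self.window_s = window_s            # window length in seconds
        self.views = defaultdict(int)       # (user, issue) -> view count
        self.ip_seen = defaultdict(dict)    # user -> {ip: last_seen_timestamp}

    def check(self, user, issue, ip, now):
        """Return (allowed, reason); record the access only when allowed."""
        # Drop addresses not seen inside the window, so a subscriber whose
        # address changes (dial-up, home vs. office) is not locked out forever.
        recent = {a: t for a, t in self.ip_seen[user].items()
                  if now - t < self.window_s}
        self.ip_seen[user] = recent
        if ip not in recent and len(recent) >= self.max_ips:
            return False, "too_many_ips"
        if self.views[(user, issue)] >= self.max_views:
            return False, "view_limit"
        recent[ip] = now
        self.views[(user, issue)] += 1
        return True, "ok"


def replay(events, guard):
    """Feed (user, issue, ip, timestamp) events to the guard; return reasons."""
    return [guard.check(*event)[1] for event in events]


# Constructed sample events (documentation IP ranges, timestamps in seconds).
SAMPLE_EVENTS = [
    ("subscriber1", "2003-45", "192.0.2.10", 0),
    ("subscriber1", "2003-45", "192.0.2.10", 600),
    ("subscriber1", "2003-45", "198.51.100.7", 3600),
    ("subscriber1", "2003-45", "203.0.113.99", 7200),   # third address in 24 h
    ("subscriber1", "2003-45", "192.0.2.10", 9000),     # fourth view of the issue
    ("subscriber1", "2003-46", "203.0.113.99", 90000),  # next day, new issue
]

if __name__ == "__main__":
    for event, reason in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, IssueAccessGuard())):
        print(event, "->", reason)
```

Several readers behind one shared address count as a single IP here, so the address cap only catches sharing across networks; the view limit is the control that still applies in that case.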

  3. kimmy

    ciumpinet Guest

    <> wrote in message
    >
    > I think the question is what are you trying to protect? Are you
    > concerned that more than one person will access an issue with the same
    > user ID and password? Do you think you will incur a substantial loss
    > if users share access?
    >
    > There are many ways to control access, such as a usage policy with
    > monetary loss for violations, IP address restrictions, logout
    > requirements, web page exit detection, access count limit (access the
    > issue only X times), cookies, and so on.
    >


    I heard of a new software using cellphone as a password to validate the
    identity of the user! It's new and quite dramatic!!!
    I don't remember the name, there's something like saints or saint in it...,
    but try a search with google (for example: cellphone+validation).

    Ciumpinet
    ciumpinet, Nov 5, 2003
    #3
  4. kimmy

    Sam Witch Guest

    "ciumpinet" <> wrote in news:boajo9$arf$1
    @newsread.albacom.net:

    <snip>
    >>

    >
    > I heard of a new software using cellphone as a password to validate the
    > identity of the user!It's new and quite dramatic!!!
    > I don't remember the name, there something like saints or saint in it...,
    > but try a search with google (for example: cellphone+validation).
    >
    > Ciumpinet
    >
    >


    they announced it in alt.comp.freeware a week ago, for 50 users it's free
    more users requires a fee for their server use.

    site is a bit basic but the idea seems OK.

    http://www.saintlogin.com/index1024.php looks quite good, not tried it.

    sam

    --
    Please take out --stuff-- to reply
    So much rubbish, make it go away.
    Sam Witch, Nov 5, 2003
    #4
  5. kimmy

    kimmy Guest

    "Sam Witch" <> wrote in message
    news:Xns942A7CF941FC7switchgawabcom@130.133.1.4...
    > "ciumpinet" <> wrote in news:boajo9$arf$1
    > @newsread.albacom.net:
    >
    > <snip>
    > >>

    > >
    > > I heard of a new software using cellphone as a password to validate the
    > > identity of the user!It's new and quite dramatic!!!
    > > I don't remember the name, there something like saints or saint in it...,
    > > but try a search with google (for example: cellphone+validation).
    > >
    > > Ciumpinet
    > >
    > >

    >
    > they announced it in alt.comp.freeware a week ago, for 50 users its free
    > more users requires a fee for their server use.
    >
    > site is a bit basic but the idea seems OK.
    >
    > http://www.saintlogin.com/index1024.php looks quite good, not tried it.
    >
    > sam
    >


    Thank you Sam, I'm going to take a look and try it. Never throw another
    chance away!

    Kimmy
    kimmy, Nov 5, 2003
    #5
  6. kimmy

    kimmy Guest

    "Sam Witch" wrote:

    > > they announced it in alt.comp.freeware a week ago, for 50 users its free
    > > more users requires a fee for their server use.
    > >
    > > site is a bit basic but the idea seems OK.
    > >
    > > http://www.saintlogin.com/index1024.php looks quite good, not tried it.
    > >
    > > sam
    > >

    >
    > Thank you Sam, I'm going to take a look and try it. Never throw another
    > chance away!
    >
    > Kimmy
    >
    >

    I tested it!
    It's dramatic!
    You need to send an SMS first (to sign in), then you need to dial a phone
    number on your cellphone.
    After just one phone ringing the system hangs up (it's free too, then!).
    And on my screen appeared: WELCOME KIMMY!!!

    Can you believe it? It can recognize you!
    I'm going to find out more about this stuff!

    Kimmy
    kimmy, Nov 5, 2003
    #6
  7. kimmy

    Guest

    "ciumpinet" <> wrote in message news:<boajo9$arf$>...
    >
    > I heard of a new software using cellphone as a password to validate the
    > identity of the user!It's new and quite dramatic!!!
    > I don't remember the name, there something like saints or saint in it...,
    > but try a search with google (for example: cellphone+validation).


    Saintlogin.

    Interesting solution. Personally, I wouldn't use it as a primary or
    solitary means of authentication.

    It requires the subscriber to have a cellphone, which can discriminate
    against those without. It also requires that the phone be uniquely
    identifiable, which is relatively new technology and not available for
    those using an analog service (my dual service phone can't reach a
    digital repeater from my home in the deep country).

    It requires the subscriber to make an outgoing call. Even though the
    system says it will hang up after the first ring, many service
    providers charge from SEND to END plus a few seconds. For me, that
    means I must pay for a minute's usage to make one ring.

    It seems to require the user to send and/or receive an SMS message
    (text message). Not everyone has text messaging enabled, and many pay
    a per-message fee.

    There is no apparent provision for those who replace their phone.
    Since the service seems to identify the phone and not the caller,
    changing phones will cause problems authenticating.

    But from the point of view of authenticating employees to a company
    intranet, this has potential.
    , Nov 5, 2003
    #7
  8. kimmy

    Jim Watt Guest

    On 5 Nov 2003 07:35:27 -0800, wrote:

    >"ciumpinet" <> wrote in message news:<boajo9$arf$>...
    >>
    >> I heard of a new software using cellphone as a password to validate the
    >> identity of the user!It's new and quite dramatic!!!
    >> I don't remember the name, there something like saints or saint in it...,
    >> but try a search with google (for example: cellphone+validation).

    >
    >Saintlogin.
    >
    >Interesting solution. Personally, I wouldn't use it as a primary or
    >solitary means of authentication.
    >
    >It requires the subscriber to have a cellphone, which can discriminate
    >against those without. It also requires that the phone be uniquely
    >identifiable, which is relatively new technology and not available for
    >those using an analog service (my dual service phone can't reach a
    >digital repeater from my home in the deep country).
    >
    >It requires the subscriber to make an outgoing call. Even though the
    >system says it will hang up after the first ring, many service
    >providers charge from SEND to END plus a few seconds. For me, that
    >means I must pay for a minute's usage to make one ring.
    >
    >It seems to require the user to send and/or receive an SMS message
    >(text message). Not everyone has text messaging enabled, and many pay
    >a per-message fee.
    >
    >There is no apparent provision for those who replace their phone.
    >Since the service seems to identify the phone and not the caller,
    >changing phones will cause problems authenticating.
    >
    >But from the point of view of authenticating employees to a company
    >intranet, this has potential.


    I'd use smartcards, however if I had developed a system like that
    I might plant some inquiries in a security group to try and whip up
    interest in the idea.
    --
    Jim Watt http://www.gibnet.com
    Jim Watt, Nov 5, 2003
    #8
  9. kimmy

    Guest

    Jim Watt <_way> wrote in
    news::

    > I'd use smartcards, however if I had developed a system like that
    > I might plant some inquiries in a security group to try and whip up
    > interest in the idea.


    We use tokens to generate dynamic passwords. Works pretty well, and the
    user only needs to remember a PIN to use the token. It also lets us
    control client access to the system and is quite the revenue op.
    , Nov 6, 2003
    #9
  10. kimmy

    Jim Watt Guest

    On 6 Nov 2003 05:14:53 GMT, "" <>
    wrote:

    >Jim Watt <_way> wrote in
    >news::
    >
    >> I'd use smartcards, however if I had developed a system like that
    >> I might plant some inquiries in a security group to try and whip up
    >> interest in the idea.

    >
    >We use tokens to generate dynamic passwords. Works pretty well, and the
    >user only needs to remember a PIN to use the token. It also lets us
    >control client access to the system and is quite the revenue op.


    I think that the floppy disk space will give way to a smartcard reader
    as a standard item on PC's, already I'm getting intelligent credit
    cards turning up.
    --
    Jim Watt http://www.gibnet.com
    Jim Watt, Nov 6, 2003
    #10
  11. kimmy

    TheWIZofWoz Guest

    > > I'd use smartcards, however if I had developed a system like that
    > > I might plant some inquiries in a security group to try and whip up
    > > interest in the idea.

    >
    > We use tokens to generate dynamic passwords. Works pretty well, and the
    > user only needs to remember a PIN to use the token. It also lets us
    > control client access to the system and is quite the revenue op.


    We also use random generators from RSA, but they cost much and people often
    forget or lose the token, we also had the problem of setting up a CRM to
    make use support available (you won't believe how many dumbs populate the
    world...)
    I tested the Saintlogin, it looks great, people rarely forget their mobile
    phone and surely they are smart enough to dial a number, it seems to be a
    'smart' smartcard-replacer...

    Andy
    TheWIZofWoz, Nov 6, 2003
    #11
  12. kimmy

    Jim Watt Guest

    On Thu, 6 Nov 2003 15:54:51 +0100, "TheWIZofWoz" <>
    wrote:

    >> > I'd use smartcards, however if I had developed a system like that
    >> > I might plant some inquiries in a security group to try and whip up
    >> > interest in the idea.

    >>
    >> We use tokens to generate dynamic passwords. Works pretty well, and the
    >> user only needs to remember a PIN to use the token. It also lets us
    >> control client access to the system and is quite the revenue op.

    >
    >We also use random generators from RSA, but they cost much and people often
    >forget or loose the token, we also had the problem of setting up a CRM to
    >make use support available (you won't believe how many dumbs populate the
    >world...)
    >I tested the Saintlogin, it looks great, people rarely forget their mobile
    >phone and surely they are smart enough to dial a number, it seems to be a
    >'smart' smartcard-replacer...
    >
    >Andy


    It relies on caller ID and that's not reliable, nor is it enabled on my
    phone.

    --
    Jim Watt http://www.gibnet.com
    Jim Watt, Nov 6, 2003
    #12
  13. kimmy

    Guest

    Jim Watt <_way> wrote in
    news::

    > I think that the floppy disk space will give way to a smartcard reader
    > as a standard item on PC's, already I'm getting intelligent credit
    > cards turning up.


    That would be nice, we're ready to upgrade from tokens. But most of our
    clients hate to spend money on new workstations. Some are still using 95,
    of all things. It was just a few years ago we got our last 3.1 advocate to
    upgrade (If it was good enough for Grandpa...).
    , Nov 8, 2003
    #13
  14. kimmy

    Guest

    "TheWIZofWoz" <> wrote in
    news:bodnef$956$:

    > We also use random generators from RSA, but they cost much and people
    > often forget or loose the token, we also had the problem of setting up
    > a CRM to make use support available (you won't believe how many dumbs
    > populate the world...)


    A sad downside, to be sure. But we do pass on that cost to the end user,
    plus a fat markup, so they rarely lose them anymore.
    , Nov 8, 2003
    #14