On Jul 22, 2011, at 2:09 PM, Tracy Reed wrote: > On Fri, Jul 22, 2011 at 02:03:49PM -0700, Robert Hajime Lanning spake thusly: >> Not enforcible, unless you use something like a PKCS#11 token, where you >> have to authenticate to the hard token to get access to your private key. > > You can't enforce people not simply giving away their passwords or > writing them down in silly places either. The perfect solution is > non-existent.
I've recently signed up for a free account with Duo Security (http://www.duosecurity.com/) to test out on my home systems, while I consider whether or not I want to explore further uses. It's another perspective on two-factor authentication with a token, where the token is your phone or mobile device. I haven't had time yet, but am hoping to get to implement it for SSH access to all my linux systems at home, starting with the one that's internet-facing. Gregory -- Gregory K. Ruiz-Ade <g...@unnerving.org> OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu _______________________________________________ Discuss mailing list Discuss@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
