Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Multi-factor login authentication schemes inlcuding password recovery

from [steve wright] Network Security [Permanent Link]
Subject: Multi-factor login authentication schemes inlcuding password recovery
Date: Thu, 7 Oct 2004 14:45:04 -0700 (PDT) 
Hello!
 
I need to design a web application that incorporates a
layered password login page since I can not use
client-side certificates etc for this project - but
need to beef up the usual password/username scheme.

Are there are good whitepapers that describes such as
a web application scheme, including the registration
process, where the user would need to provide a
passphrase, to be used as a shared secret in the
authentication process. To compliment this a secure
password recovery process is also needed. Something
along the lines of what many internet banks do these
days  with username  and password then reirection to a
new page with 3 random  characters from your
passphrase, plus a secure "forgot your password"
process to go with it.
 
Any pointers to resources which details such a scheme
with some nice process flows would be highly
appreciated...

What I have found so far on the net described some of
the above in a fragmented and incomplete manner. I
have yet to find a comprehensive guide/whitepaper that
does a good job of covering all aspects including
mapping out the required processes...
 
- SW


                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Auditing user session activity, Michael Silk
Next by Date:  RE: List of Movies with security emphasis (in reply to:Hacking/security in main-stream media), David Raphael
Previous by Thread:  SSL and replay attacks, Ajay
Next by Thread:  Re: Multi-factor login authentication schemes inlcuding password recovery, Saqib . N . Ali
Indexes:  [Date] [Thread] [Top] [All Lists]