Whilst one-time keycards are nice, ones such as S/Key are also "dangerous".
If you're attending a conference (and have a name tag), or travelling,
you're going to take your s/key list or other with you...whilst the
security seems well and good, it does, however, reduce the skill required
to get `in' to somene who is good at picking pockets...and what do you do
if you `lose' your `card' ? Can you call back to work, 24 hours a day and
report it missing ?
Some of the pricey cards require PIN numbers which is better, but again,
what sort of backup/procedure do you have for cards that go missing ?
Maybe S/key could be enhanced to require a "secret" password, in addition
to the one-time password to affirm authenticity ? (NOT the one used to
generate the keys). The role of it is to make up for not having a PIN
number...
darren
p.s. I'm assuming they get your wallet and/or know who you are anyway...
Follow-Ups:
References:
|
|
