My favorite color is "three" - The Official Citrix Blog - BrianMadden.com

My favorite color is "three"

Written on Mar 18 2008


by The Official Citrix Blog

Most people don't realize the value of the answers to their personal security questions (Citrix Password Manager calls this Question Based Authentication). As it turns out, those answers are more valuable than passwords. If someone learns enough answers ...

Read the complete post at http://feeds.citrix.com/~r/officialcitrixblog/blog/~3/253897282/viewpage.action

Comments

Michel Roth wrote What about?
on Wed, Mar 19 2008 1:30 AM

I actually ran into this yesterday. It seems like almost every password reset program has about the same questions. There should be more mention of the way words are written, so for example explicitly mention that caps are ignored, or explicitly mention that it's case sensitive. Mention that special chars like hyphens, underscores and such aren't allowed.

What about providing multiple choice? When the user has selected favorite color, just add 19 others and make them pick. This of course needs to be in line with the lockout policies. 

One method of authentication I particularly like is the use of the mobile phone to send an authentication message to. I know that this is more in the area of access security but I really like it. You can also combine it with a password-question approach.

I'm curious, is Citrix planning on offering any kind of SMS (as in Short Message Service) integration in Password Manager?

Michel Roth
Thincomputing.net

Kate Brew wrote Re: What about?
on Thu, Mar 20 2008 2:13 PM

Yes, I love multiple choice tests! Even if you don't know the answers you have a fighting chance. But that's the problem: with multiple choice there are a finite number of clear choices, giving a hacker a fighting chance.

A note suggesting avoiding special characters is a very good idea. I'll chat with the engineers and pubs on what we could do for our app.

On the mobile phone authentication, I spoke with Positive Networks and learned about their product, Phone Factor, recently. The mobile phone is the one device you pretty much always have nearby. Makes perfect sense, and spares you from having an additional device like a security token (to lose or break). Citrix isn't in the strong authentication business, but it's still interesting.

I had another response on the Citrix Blog where creating your own questions was suggested. That way you could set up questions that would be extremely difficult to guess - they could be things only you know. Nice suggestion from Donovan.

I'm intrigued by the notion of integrating SMS with CPM. I'm not aware of it being mentioned before. Are you envisioning linking SMS to the CPM agent and using it to see who else is logged on and to allow users to chat? Or other purposes?

Kate Brew
CPM product manager
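The three practical points raised in this thread (state the answer-normalisation rules to the user, keep any guessing "in line with the lockout policies", and remember that multiple choice makes the answer space finite) can be shown in working code. The block below is an added example for this page; it is not code from the original post, from Citrix Password Manager, or from either commenter. The normalisation rule set (case ignored, hyphens/underscores/spaces ignored), the PBKDF2 work factor, the function and class names, and the sample answers are all assumptions constructed for illustration. Because the post's own point is that these answers are worth more than passwords, the example stores them the way passwords should be stored: canonicalised, salted and slow-hashed, never in the clear.

```python
"""Question-based authentication (QBA) helper: canonicalised answers,
salted slow hashes, an attempt budget, and a guess-success estimate.

Added example for this thread; it is not Citrix Password Manager code.
The normalisation rules, the hashing parameters, the names used and the
sample answers are assumptions constructed for illustration.
"""
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 50_000  # assumed PBKDF2 work factor; tune to your hardware


def canonicalize(answer: str) -> str:
    """Fold an answer so spelling variants compare equal.

    Assumed rule set (the thread asks that it be stated to the user
    explicitly): Unicode NFKC, case-insensitive via casefold(), and every
    character that is not a letter or digit dropped, so hyphens,
    underscores and spaces never matter.  "Dark-Blue", "dark blue" and
    "DARK_BLUE" all become "darkblue".
    """
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def _derive(canonical: str, salt: bytes) -> bytes:
    # Answers are low-entropy, so treat them like passwords: a per-answer
    # salt and a slow KDF rather than a bare hash.
    return hashlib.pbkdf2_hmac("sha256", canonical.encode("utf-8"), salt, ITERATIONS)


def enroll(answers: dict) -> dict:
    """Return {question_id: (salt, digest)} for storage; never keep plaintext."""
    record = {}
    for qid, answer in answers.items():
        canonical = canonicalize(answer)
        if not canonical:
            # "---" or "" would canonicalise to nothing and be trivially guessable.
            raise ValueError(f"answer to {qid!r} is empty after normalisation")
        salt = os.urandom(16)
        record[qid] = (salt, _derive(canonical, salt))
    return record


class Verifier:
    """Checks answers against an enrollment record with a failure budget.

    max_attempts models the lockout policy the thread says multiple choice
    must stay in line with; once the budget is spent every answer is rejected.
    """

    def __init__(self, record: dict, max_attempts: int = 3):
        self.record = record
        self.max_attempts = max_attempts
        self.failures = 0

    @property
    def locked(self) -> bool:
        return self.failures >= self.max_attempts

    def verify(self, qid: str, answer: str) -> bool:
        if self.locked:
            return False
        salt, digest = self.record[qid]
        # Constant-time comparison so a wrong guess is not timing-distinguishable.
        ok = hmac.compare_digest(_derive(canonicalize(answer), salt), digest)
        if not ok:
            self.failures += 1
        return ok


def guess_success_bound(choices_per_question: int, questions: int, attempts: int) -> float:
    """Upper bound on passing the flow by guessing alone.

    The attacker gets `attempts` tries before lockout against an answer
    space of choices_per_question ** questions.  For multiple choice the
    space is exactly the list shown; for free text plug in the *effective*
    number of plausible answers instead.
    """
    space = choices_per_question ** questions
    return min(1.0, attempts / space)


if __name__ == "__main__":
    # Constructed sample enrollment, not real user data.
    stored = enroll({"color": "Dark-Blue", "pet": "Mr. Whiskers"})
    v = Verifier(stored, max_attempts=3)
    print(v.verify("color", "dark blue"))            # True: normalisation matches
    for guess in ("red", "green", "yellow"):
        v.verify("color", guess)                     # three misses spend the budget
    print(v.locked, v.verify("color", "dark blue"))  # True False
    print(guess_success_bound(20, 1, 3), guess_success_bound(20, 3, 3))  # 0.15 0.000375
```

With one 20-way multiple-choice question and a three-try lockout the bound is 0.15; asking three such questions brings it down to 3/8000. A free-text "favorite color" question is not much better in practice, since the effective answer space is also a few dozen words; the list only makes that explicit. Note that the budget here is per account: a lockout policy does nothing against an attacker who spreads a small number of common guesses across many accounts, which is a separate rate-limiting problem.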
