Reindl Harald wrote:
On 29.12.2011 14:21, Marko Vojinovic wrote:
so explain to me why discuss to use or not to use the best currently available method in context of security?
Using the ssh key can be problematic because it is too long and too random to be memorized --- you have to carry it on a usb stick (or wherever). This provides an additional point of failure should your stick get lost or stolen. Human brain is still by far the most secure information-storage device. :-)
this is bullshit most people have their ssh-key on a usb-stick
normally an ssh-key is protected by a password; this can be your 12-char password
<snip> Many US companies have gone past that. A number that I've worked for, and the one I work for, all have used RSA keyfobs. To open the VPN link, you need three pieces of information: userid, PIN (which is up to 8 chars min) and the six digit code from the fob.
The US gov't has gone a different way: it issues CAC or PIV-II cards, and you need a) a card reader attached or built in to your system, b) the card, and c) your PIN (8 digits).
In both cases, once you've got your VPN, *then* it will frequently be asking for username & passwords for each different kind of access.
mark