[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Duress Passwords/PINs/Combinations
> Having a separate authentication mechanism that is used
> under duress is a very good idea that some existing systems already
> employ. I'll pass along the ones I have had contact with. From a
> systems point of view, it is hard to figure out exactly how the system
> should respond when it recognizes a duress authentication. There are
> competing interests as I'll explain after some examples.
The SecureID system has a duress PIN built in to it as well. Using
that PIN, you're still authenticated, but the server software knows
that you entered it under duress and does the "appropriate" thing.
-David