Cards and tokens are a proxy for the use of a certificate authentication system... You can in fact do certificate auth without the use of cards or tokens, or mix and match physical tokens and other private key storage depending on need, with the same authentication backend (typically LDAP). Since this plays nicely with EAP-TLS, 802.1X, IKE, SSL/TLS, and S/MIME it seems like a shoo-in; once you have a uniform authentication system, one is inclined to use it for everything.
Obviously being involved in several of these with multiple CAs is something of a pain in the ass if it involves juggling 2 or more tokens instead of passwords (which are already a problem if you have to track quite a few non-overlapping ones).
Typically tokens continue to require passwords or some other method to unlock them for use, effectively making them two-factor (secret + physical possession).
Sean Donelan wrote:
Are any network providers supporting smartcards or other non-password based authentication methods? Passwords always end up blaming the user for choosing/not remembering good passwords instead of blaming the technology for choosing/not doing things so the user isn't forced to work around its flaws.
I know about the DOD Common Access Card. One-time code-generator tokens seem more widely used by single enterprises. But inter-operable credentials still seem to be one of those great unsolved problems for computer security. Are passwords still the only lowest-common-denominator?