Re: AT&T WiFi at McDonalds, etc



On Thu, 01 Nov 2007 19:03:23 -0700, Jeff Liebermann <jeffl@xxxxxxxxxx>
wrote in <gg0li35j89eic0ni9ofrsfcmkit7hghcec@xxxxxxx>:

John Navas <spamfilter1@xxxxxxxxxxxxxx> hath wroth:

The real effort is support, because lots of people don't know what to
do, or simply forget their credentials (or worse, post their credentials
on a PostIt Note for everyone to see).

Passwords suck.

Yep!

I've degenerated into becoming an archive for my
customers' passwords, a rather dangerous and wasted exercise.

My own policy is to have absolutely nothing to do with client passwords
-- too much liability. When a client forgets a password, I have a new
temporary one generated and sent, with a flag that forces the client to
change it, plus logic to prevent weak passwords.

I'm somewhat of a fan of X.509 authentication, with a USB dongle
containing the certificates, but even that's become a mess, with my
medical office customers, when someone forgets their dongle at home.

That problem, plus the problem of security breach if the dongle is lost
or stolen, has discouraged me from using that approach.

I have some hope that the growing use of thumbprint identification will
eliminate the password management problem.

Me too, but only some hope, since it's still not completely reliable --
still fails too often, and the low end units are still pretty easy to
spoof.

What's really needed is to train users in authentication, but that just
ain't gonna happen, so there's really no point to messing that way.

Nope. You missed my point. The problem I'm trying to solve is to
prevent wireless sniffing of hot spot traffic. If the traffic were
encrypted with a unique one time WPA key delivered by a RADIUS server,
sniffing would be impossible. I have a 2nd experimental access point
running this way at a customer's, and so far, it's working.

Likewise, except my own preference is for VPN, which is universal (not
just limited to specific hotspots); can be configured once; and set to
work automatically. In addition, I don't have to depend on the local
infrastructure working properly or on the integrity of the local
infrastructure provider. (If possible, I recommend the client having
its own VPN server, as I do.)

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>