Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2020-01-23) Smartcard/PIN Better Than Username/Password?

Posted by Jorge on 2020-01-23


Think username/password is a bad thing (both are "something you know")? Considering smartcard/PIN ("something you know" and "something you have") for interactive logon instead? It is a bit better, but if a hacker has compromised your computer and is using e.g. Mimikatz, you're still screwed! So, the answer is: "no, it is not better".

Figure 1: Mimikatz Output Displaying Clear Text PIN Of The Smart Card

Move away from it and go passwordless! Whatever you choose, the secrets must be stored and accessed securely, and there must be an "inaccessible" factor (e.g. biometric) or a dynamic factor (e.g. OTP, choosing a value, etc.).

————————————————————————————————————————————————————-
This posting is provided "AS IS" with no warranties and confers no rights!
Always evaluate/test everything yourself first before using/implementing this in production!
This is today’s opinion/technology, it might be different tomorrow and will definitely be different in 10 years!
DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
————————————————————————————————————————————————————-