Microsoft and PEAP GTC support over 802.1x

  • Thread starter: Guest

I am wondering what the thinking was at Microsoft to NOT build support for GTC (Generic Token Card, used for things like SecurID) into their 802.1x PEAP supplicant. One-time passwords are clearly more secure than static passwords, especially in a wireless network.

Furthermore, if you do end up settling for MS-CHAP V2 with 802.1x/PEAP, XP caches the credentials. There is a registry hack you can use to clear the cache, but it is not permanent, forcing users to have to delete a registry key after every single successful 802.1x authentication. Imagine a user has a laptop with wireless and it gets stolen. The thief can wander into your wireless network and never have to authenticate, as your friendly XP operating system will authenticate for you from the cached credentials. This is clearly a big security issue (which is why one-time passwords are so much more secure).

What was MS thinking, and are they perhaps considering a change of heart and will they add GTC support, or at least fix the registry issue permanently?

-Joe
 