I've been using SecureID for the better part of a year now and am quite pleased with the way it works. Here are the negatives, though they are not very interesting: -- There is a false rejection rate of around 2-5% (failure to login with my presumably valid SecureID card). This includes modem bobbles and database crashes. It generally is self-correcting. -- Dialup access only. This would prevent me to access my mail server (which is inside the firewall) from telnet. -- Interactive access only; I can't program my home machine to dial in at 5:00 AM to read mail without intervention. -- We have a mixture of direct and 800 number dialups -- this presumably protects against problems unique to a single server. In my case, SecureID is integrated into ARA (Apple Remote Access). Client installation was trivial. I don't know what, if any, link-encryption is incorporated. The user overhead is about 30 seconds per dialup. Martin Minow minow@apple.com
someone at my firm is about to press the securid system down our collective throats. please point me to the recent thread on this subject, and/or point me to some url's or the like, or to someone who has some firsthand knowledge of the pitfalls and/or vulnerbilities of secirid.
cheers, -paul