Duress Passwords/PINs/Combinations

David Kovar kovar at nda.com
Thu Nov 18 14:41:38 PST 1993


> 	Having a separate authentication mechanism that is used
> under duress is a very good idea that some existing systems already
> employ.  I'll pass along the ones I have had contact with.  From a
> systems point of view, it is hard to figure out exactly how the system
> should respond when it recognizes a duress authentication.  There are
> competing interests as I'll explain after some examples.

The SecureID system has a duress PIN built in to it as well. Using
that PIN, you're still authenticated, but the server software knows
that you entered it under duress and does the "appropriate" thing.

-David





More information about the cypherpunks-legacy mailing list