Content deleted Content added
m →Password security: added software security section |
|||
Line 46:
There is a further argument there is nothing to stop a user (or intruder) from manually providing logon credentials that are stored on a token/smartcard. All an intruder has to do is boot in [[safe mode]] with network support and scan the hard drive with certain freely available utilities to show all passwords stored in [[Internet Explorer]]. However, making it necessary for the physical token to be in place at all times during a session can negate this.
=== Software security ===
Another concern when deploying smart cards, USB tokens, and other T-FA systems is the security of the software loaded on to users' computers. {{ref|TechTarget}} A token may store a users' credentials securely, but the potential for breaking the system is then shifted to the software interface between the hardware token and the operating system. Potentially rendering the added security of the T-FA system useless.
==See also==
| |||