It makes psudo-random numbers used for computer security systems.
There's a login name, password and the number that thing spits out. Each of those devices is tied to the login name. The user can't log in without getting a number from that thing and can't use anyone elses device to get a number. Each number can only be used once.
This makes it very difficult to log in under someone elses ID, and makes stealing IDs very difficult.
>>927659 Precisely. By itself, useless unless you need a "random" number generator. However, someone is pissed that they lost it. If it has return instructions or owner info, don't be a dick. Return it. Hell, maybe even contact RSA and see if they want it back.
Invent some kind of drunken betting game to hustle/siphon your friends. Pay 3:1 odds if they can guess within 10 numbers of what the last two digits are on the next change. Offer 5:1 if they double down. The 1 minute cycle will keep things popping and not give them time to think.
>>930837 yeah I thought so, it's the same concept we use in military radios.
I know for a fact losing a radio is a fucking big deal, especially for NATO countries, as they sync their signalling gear, so one lost radio by a British marine in kenya means us chumps sitting in the solomon islands need to re-erf our radios and reset the clocks incase the baddies get a hold of the radio clocks, ostensibly. it's the most retarded thing ever
so you COULD get the server clock rate from this dongle or whatever you call it. not that that would be any good without user/password and reading internal memos from your local building supply chain or other pointless company is a waste of time
>>930840 >>930837 >>930821 Kinda, except the code is generated using public-key encryption, so if you try to extract the key out of it as in >>930840, you end up with the dongle's private key which can't be used to impersonate the server's public key.
>>931415 Not if google has anything to say about it. They want to use your biometric data in order to log you in. Not just fingerprints, but how you walk, your voice and your location when you log in will all be considered before allowing you access into the system.
>>931664 >I hate the fucking numb nuts in security/it though goddamn. >>tablet sign in >>intranet sign in >>rsa signin w/rsa salt. >>I am in posession of an authorized >passwords expire every two months
Security expert here... Retarded users bring this on themselves.
>give a user a spare access card. User doesn't report the loss of the first one. They wait until both are lost and they are inconvenienced. Meanwhile access cards are floating around out the, active. >lose phone or laptop on train >allow hethen spawn to fuck around on the Web using their work laptop. >email confidential documents to their AOL email address so they can "here from home" and not be bothered with carrying a laptop. >passwords on the post-it note under the keyboard.
>>930891 This is accurate. There are options for setting up an RSA system that will use only the token code and not require a PIN or password. But what would be the point? Only retarded end users would set it up like that.
I'm seeing a lot of companies dumping the RSA tokens and instead using one of the services that sms a code to your phone. No app needed, no extra dongle, no whiney bitches complaining fashion trumps security and therefore they don't have pockets so they leave their RSA token next to their keyboard.
>>932526 >I listened to yet another conference presenter complaining about security awareness training. He was talking about the difficulty of getting employees at his company to actually follow his security policies: encrypting data on memory sticks, not sharing passwords, not logging in from untrusted wireless networks. "We have to make people understand the risks," he said.
>It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren't serious.
>Given this accurate risk analysis, any rational employee will regularly circumvent security to get his or her job done. *That's what the company rewards, and that's what the company actually wants.* -- Bruce Schneier
>>932526 There is no godda.n excuse for needing 4 authentication factors that need to be replaced with braindead password olicies every two months.
Fuuuck youuuuu. You don't actually know fucking anything you goddamn shit eater. Everyone in the company wants to beat the shit out of you. You can't design a UI for shit goddamn haaaaaaa fucking fuuckkk you.
I know our systems work with a global log in system, a lot of internal systems use it.
But they don't all use it. So I have like 10 passwords with different schema requirements, some of which expire more frequently than I even use the particular web site.
I have one now that has been giving me emails daily telling me "Your password will expire in -30 days because it expired 30 days ago. The email doesn't even tell how to change or reset the password. It's the most retarded thing ever.
>>927727 wage theft, at least in america, is common, paying for clothing they require you to use, and sure you could go to court, but its 10-20$ and legal fees are a hell of alot more making it not worth it. but losing or damaging company property, outside of normal wear and tear is either grounds to be fired or docked pay, largely dependant on how much you are worth to the company.
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at email@example.com with the post's information.