This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
pc-logon [2017/05/11 06:19] jinbiao [2. Password laziness and Improving Security ] |
pc-logon [2017/05/15 08:18] (current) Tarantino |
||
|---|---|---|---|
| Line 14: | Line 14: | ||
| Although smartcard-based authentication may not prevent a theft in the first place, it can stop many attempts to read private data, can help to prevent ‘leakage’ of messages. | Although smartcard-based authentication may not prevent a theft in the first place, it can stop many attempts to read private data, can help to prevent ‘leakage’ of messages. | ||
| ==== 2. Password laziness and Improving Security ==== | ==== 2. Password laziness and Improving Security ==== | ||
| + | |||
| Studies have shown that the average person cannot remember more than 6 random numbers or letters unless these are firmly committed to memory, but it's common for organisations to require 8 character passwords, which may change frequently. | Studies have shown that the average person cannot remember more than 6 random numbers or letters unless these are firmly committed to memory, but it's common for organisations to require 8 character passwords, which may change frequently. | ||
| Unfortunately, people forced to use passwords are often inclined to pick either very simple ones (which are easy to guess) or otherwise they often write them down. | Unfortunately, people forced to use passwords are often inclined to pick either very simple ones (which are easy to guess) or otherwise they often write them down. | ||
| - | Many also use the same password for everything. | + | Many also use the same password for everything. |
| + | \\ | ||
| It’s common knowledge that the best option for improving security over and above the use of a username and password is to combine ‘what you have’ with ‘what you know’. | It’s common knowledge that the best option for improving security over and above the use of a username and password is to combine ‘what you have’ with ‘what you know’. | ||
| This is called two-factor authentication, and is the same principle used to secure chip-and-PIN transactions. | This is called two-factor authentication, and is the same principle used to secure chip-and-PIN transactions. | ||
| Line 23: | Line 26: | ||
| ===== Preparation===== | ===== Preparation===== | ||
| - | 1. [[https://store/smartcard_eJavaToken.php|eJavaToken]](Make sure that PKI applet has been already upload). | + | 1. [[https://www.javacardos.com/store/smartcard_eJavaToken.php|eJavaToken]](Make sure that PKI applet has been already upload). |
| Line 33: | Line 36: | ||
| ==== 1. Set up smart card certificate management environment==== | ==== 1. Set up smart card certificate management environment==== | ||
| - | The main task of this phase is to configure CA management environment in Windows server 2008 . It contains adding some roles from Server Manage , such as DNS Server, Active Directory Domain Services "Web Server (IIS)" , "Active Directory Certificate Services" , and so on. | + | The main task of this phase is to configure CA management environment in Windows server 2008 . It contains adding some roles from Server Manage , such as DNS Server, Active Directory Domain Services "Web Server (IIS)" , "Active Directory Certificate Services" , and so on. |
| - | Click [[https://javacardforum/viewtopic.php?f=43&t=676|here]]to know more details. | + | Click [[https://www.javacardos.com/javacardforum/viewtopic.php?f=43&t=676|here]] to know more details. |
| ==== 2. Issue smart card certificate management ==== | ==== 2. Issue smart card certificate management ==== | ||
| - | To let smart card users login windows workstation, workstation should issue smart card certificate to users firstly. Smart card certificate is a digital certificate stored in user’s smart card. | + | To let smart card users login windows workstation, workstation should issue smart card certificate to users firstly. Smart card certificate is a digital certificate stored in user’s smart card. |
| - | Click[[https://javacardforum/viewtopic.php?f=43&t=677| here]]to know more details. | + | Click[[https://www.javacardos.com/javacardforum/viewtopic.php?f=43&t=677| here]] to know more details. |
| ====3. Apply for smart card certificate management==== | ====3. Apply for smart card certificate management==== | ||
| - | In general the smart card have to contain a certificate and the corresponding private key. The certificate contains the user information used for identifying the user. When logging in via a smart card you should enter the PIN of the smart card instead of your regular password. | + | In general the smart card have to contain a certificate and the corresponding private key. The certificate contains the user information used for identifying the user. When logging in via a smart card you should enter the PIN of the smart card instead of your regular password. |
| - | You must prepare the smart card by creating the appropriate credentials before using it to log on to the computer. Click [[https://javacardforum/viewtopic.php?f=43&t=678|here ]] to know more details. | + | You must prepare the smart card by creating the appropriate credentials before using it to log on to the computer. Click [[https://www.javacardos.com/javacardforum/viewtopic.php?f=43&t=678|here ]] to know more details. |
| ==== 4. Issue smart card certificate management ==== | ==== 4. Issue smart card certificate management ==== | ||
| - | Typically, an existing networked infrastructure of client and server PCs can be secured irrespective of whether they are based on ad-hoc "workgroup" or centralised "domain-based" management, since the essential username and password login system remains the same. The smartcard logon software simply changes the standard Windows logon box, and adds the facility to retrieve these details from the card (subject to correct PIN entry) and then submit them automatically. | + | Typically, an existing networked infrastructure of client and server PCs can be secured irrespective of whether they are based on ad-hoc "workgroup" or centralised "domain-based" management, since the essential username and password login system remains the same. The smartcard logon software simply changes the standard Windows logon box, and adds the facility to retrieve these details from the card (subject to correct PIN entry) and then submit them automatically. |
| - | Smart card logon only works for computers that are joined to a domain. Click[[https://javacardforum/viewtopic.php?f=43&t=679| here]] to know more about adding user account to domain. | + | Smart card logon only works for computers that are joined to a domain. Click[[https://www.javacardos.com/javacardforum/viewtopic.php?f=43&t=679| here]] to know more about adding user account to domain. |
| ==== 5. Use eJavaToken to logon local computer ==== | ==== 5. Use eJavaToken to logon local computer ==== | ||
| - | Click[[https://javacardforum/viewtopic.php?f=43&t=679| here]]to know more information about how to logon windows. | + | Click[[https://www.javacardos.com/javacardforum/viewtopic.php?f=43&t=679| here]] to know more information about how to logon windows. |
| - | + | ||
| - | + | ||
| - | If you enter the incorrect PIN for a smart card several times in a row, you will be unable to log on to the computer using that smart card. The number of allowable invalid logon attempts before lockout occurs varies according to the smart card manufacturer. Contact your administrator for assistance. | + | |
| + | If you enter the incorrect PIN for a smart card several times in a row, you will be unable to log on to the computer using that smart card. The number of allowable invalid logon attempts before lockout occurs varies according to the smart card manufacturer. Contact your administrator for assistance. | ||
| - | ===== Discussion===== | + | |
| - | Go to [[https://javacardforum|JavaCardOS Forum]] | + | |
