1

I am looking for a card-reader solution that includes not only the physical card-reader but a method to read/program the cards. The end goal is have to give my end users a card-reader and then an associated card they need to swipe to login to the windows machine. I am not worried about end-users 'swapping' cards as they are geographically distant.

Suggestions on where to start?

Thanks in advance,

Robert
  • 434
  • 3
  • 6
  • 15

1 Answers1

-1

A simple swipe card is easy to skim and then clone. Often simple magnetic strip readers just contain a secret which is transmitted over usb or ps/2 which could be intercepted by a hardware key logger. Smart card authentication isn't affected by this attack. Even if the challenge response was intercepted, the attacker would have to brute force the private key. Here is more information on implementing two factor authentication for windows.

Rook
  • 2,615
  • 5
  • 26
  • 34
  • I agree that two-factor authentication is the way to go; however that is not my assignment. I'm simply supposed to find a card-reader solution, even if it is one-factor, and I don't know where to look. – Robert Jul 27 '10 at 00:11
  • @Robert if the three links i posted isn't enough information then i'm sorry but i don't think anyone can help. A smartcard has doesn't require multi-factor authentication. Apples and oranges, mag strips are **EXTREMELY** insecure and are trivial to clone, this would be massive mistake. – Rook Jul 27 '10 at 19:41
  • I can agree that is not secure by any means, but this is where policy makers meet security people and win. :/ – Robert Aug 24 '10 at 00:23