CRYPTOCard one-time passwords

The UCAR Computer Security Advisory Committee (CSAC) has mandated that external access through the UCAR firewall security perimeter shall be via one-time passwords only. Access from outside the UCAR security perimeter is provided by gatekeeper servers and Virtual Private Network (VPN). By August 26, 2008 one-time passwords will be needed for all VPN access.

One-time passwords for protected systems are issued by single-user hardware devices called "CRYPTOCards." The gatekeeper system issues a challenge, and users obtain the response from the CRYPTOCard. CRYPTOCards use one-time password technology that provides users with a password that is valid for a single login session. Should this password get electronically "sniffed" by an unauthorized person, it would be useless for any future logins.

CRYPTOCard one-time passwords have been required for NCAR supercomputer users since 2004. This security measure is now being extended to additional systems inside the UCAR security perimeter.

When requesting a CRYPTOCard with the work request system please include the name, phone number, fax number, fedex mailing address (if applicable), name of the person authorizing the card.