Outlook Web Access seems to use the network user-name/password for
authentication.. Dont corporations/companies have problems enabling such an
This user-name and password can be used to access 'any' resource available
for that user; ofcourse, once should have access to their internal network
to do any substantial damage, but still ..
Some user may unintentionally type slow sitting in an internet kiosk in an
airport - or some such scenario that I cant think of.
Does exchange provide any way to map a pin for each user to the network
password? OWA users can only use these pins to access their mails and these
pins are not usable within the Network -- something along these lines? If
somebody gets hold of the pin, they can only do a limited damage - only
access this person's mail.
Many corporations seem to have enabled OWA access now - somebody must have
given some thought to this..