[clug] 2 factor authentication in an era of smartphones

Michael James clug3 at james.st
Sun Dec 9 19:23:20 MST 2012

Dear CLUGers,

Now that smartphones are ubiquitous
 it might be time to revisit 2 factor authentication.

Instead of an RSA key-generating token just use
 an app to provide a One Time Password generator?

My musings run along these lines:

  1)	The app is protected by a locally set password
	 required to decrypt it.

  2)	Once decrypted, the app knows a private key,
	 registered with the authenticating system.

  3)	Key and time provide a One Time Password.

  4)	Asymmetric keys allow authenticating system
	 to check OTP without the ability to generate them???

But there might be some entirely different system possible these days.

What are people using/investigating?


PS:  Security is an illusion caused by lack of imagination.

More information about the linux mailing list