[clug] 2 factor authentication in an era of smartphones
Michael James
clug3 at james.st
Sun Dec 9 19:23:20 MST 2012
Dear CLUGers,
Now that smartphones are ubiquitous
it might be time to revisit 2 factor authentication.
Instead of an RSA key-generating token just use
an app to provide a One Time Password generator?
My musings run along these lines:
1) The app is protected by a locally set password
required to decrypt it.
2) Once decrypted, the app knows a private key,
registered with the authenticating system.
3) Key and time provide a One Time Password.
4) Asymmetric keys allow authenticating system
to check OTP without the ability to generate them???
But there might be some entirely different system possible these days.
What are people using/investigating?
michaelj
PS: Security is an illusion caused by lack of imagination.
More information about the linux
mailing list