[clug] 2 factor authentication in an era of smartphones

jm jeffm at ghostgun.com
Sun Dec 9 19:44:46 MST 2012

Just a couple of things that may be relevant:

1) TOTP RFC 6238

2) Best known example on smart phones is Google Authenticator

There is also an open Challenge Response OTP (rfc6287), but I don't know
of anyone implementing this. And also HOTP (rfc6238).

TOTP hardware tokens are available cheaply which strangely makes the use
of smart phone implementations more attractive. Simply due to the fact
that if you have a user who doesn't have a smart phone you can still
support them.


On 10/12/12 1:23 PM, Michael James wrote:
> Dear CLUGers,
> Now that smartphones are ubiquitous
>  it might be time to revisit 2 factor authentication.
> Instead of an RSA key-generating token just use
>  an app to provide a One Time Password generator?

> PS:  Security is an illusion caused by lack of imagination.

More information about the linux mailing list