[clug] 2 factor authentication in an era of smartphones
Robert Edwards
bob at cs.anu.edu.au
Sun Dec 9 20:46:04 MST 2012
On 10/12/12 13:23, Michael James wrote:
> Dear CLUGers,
>
> Now that smartphones are ubiquitous
> it might be time to revisit 2 factor authentication.
>
> Instead of an RSA key-generating token just use
> an app to provide a One Time Password generator?
>
> My musings run along these lines:
>
> 1) The app is protected by a locally set password
> required to decrypt it.
>
> 2) Once decrypted, the app knows a private key,
> registered with the authenticating system.
>
> 3) Key and time provide a One Time Password.
>
> 4) Asymmetric keys allow authenticating system
> to check OTP without the ability to generate them???
>
> But there might be some entirely different system possible these days.
>
> What are people using/investigating?
>
> michaelj
>
>
> PS: Security is an illusion caused by lack of imagination.
>
Yubikey (from Yubico: http://www.yubico.com/) have an open-standards
authentication system that I wrote a server and a soft key for some
years ago. Haven't tried to port the soft key to 'droid yet, but that
could be a pre-LCA2013 holiday project...
My (now old) code at:
http://svn.anu.edu.au/people/Bob.Edwards/public/bobykserv
with the soft key version in softkey.c
Cheers,
Bob Edwards.