[clug] 2 factor authentication in an era of smartphones
kim.holburn at gmail.com
Sun Dec 9 22:16:49 MST 2012
I'm still trying to decide if two-factor really gets you any more that more trouble logging in legitimately. Mind you, I am having to implement it anyway.
On 2012/Dec/10, at 1:23 PM, Michael James wrote:
> Dear CLUGers,
> Now that smartphones are ubiquitous
> it might be time to revisit 2 factor authentication.
> Instead of an RSA key-generating token just use
> an app to provide a One Time Password generator?
> My musings run along these lines:
> 1) The app is protected by a locally set password
> required to decrypt it.
> 2) Once decrypted, the app knows a private key,
> registered with the authenticating system.
> 3) Key and time provide a One Time Password.
> 4) Asymmetric keys allow authenticating system
> to check OTP without the ability to generate them???
> But there might be some entirely different system possible these days.
> What are people using/investigating?
> PS: Security is an illusion caused by lack of imagination.
> linux mailing list
> linux at lists.samba.org
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the linux