[clug] 2 factor authentication in an era of smartphones
Kim Holburn
kim.holburn at gmail.com
Sun Dec 9 22:16:49 MST 2012
I'm still trying to decide if two-factor really gets you any more that more trouble logging in legitimately. Mind you, I am having to implement it anyway.
http://www.techspot.com/news/51037-trojan-bypasses-two-factor-authentication-steals-465-million.html
On 2012/Dec/10, at 1:23 PM, Michael James wrote:
> Dear CLUGers,
>
> Now that smartphones are ubiquitous
> it might be time to revisit 2 factor authentication.
>
> Instead of an RSA key-generating token just use
> an app to provide a One Time Password generator?
>
> My musings run along these lines:
>
> 1) The app is protected by a locally set password
> required to decrypt it.
>
> 2) Once decrypted, the app knows a private key,
> registered with the authenticating system.
>
> 3) Key and time provide a One Time Password.
>
> 4) Asymmetric keys allow authenticating system
> to check OTP without the ability to generate them???
>
> But there might be some entirely different system possible these days.
>
> What are people using/investigating?
>
> michaelj
>
>
> PS: Security is an illusion caused by lack of imagination.
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the linux
mailing list