[clug] 2 factor authentication in an era of smartphones

Francis Markham francis.markham at anu.edu.au
Sun Dec 9 22:22:38 MST 2012


Kim, you are in good company in your musing:
http://www.schneier.com/blog/archives/2005/03/the_failure_of.html


On 10 December 2012 16:16, Kim Holburn <kim.holburn at gmail.com> wrote:

> I'm still trying to decide if two-factor really gets you any more than
> more trouble logging in legitimately.  Mind you, I am having to implement
> it anyway.
>
>
> http://www.techspot.com/news/51037-trojan-bypasses-two-factor-authentication-steals-465-million.html
>
>
> On 2012/Dec/10, at 1:23 PM, Michael James wrote:
>
> > Dear CLUGers,
> >
> > Now that smartphones are ubiquitous
> > it might be time to revisit 2 factor authentication.
> >
> > Instead of an RSA key-generating token just use
> > an app to provide a One Time Password generator?
> >
> > My musings run along these lines:
> >
> >  1)   The app is protected by a locally set password
> >        required to decrypt it.
> >
> >  2)   Once decrypted, the app knows a private key,
> >        registered with the authenticating system.
> >
> >  3)   Key and time provide a One Time Password.
> >
> >  4)   Asymmetric keys allow authenticating system
> >        to check OTP without the ability to generate them???
> >
> > But there might be some entirely different system possible these days.
> >
> > What are people using/investigating?
> >
> > michaelj
> >
> >
> > PS:  Security is an illusion caused by lack of imagination.
> > --
> > linux mailing list
> > linux at lists.samba.org
> > https://lists.samba.org/mailman/listinfo/linux
>
> --
> Kim Holburn
> IT Network & Security Consultant
> T: +61 2 61402408  M: +61 404072753
> mailto:kim at holburn.net  aim://kimholburn
> skype://kholburn - PGP Public Key on request
>
>

