Computer Crime Research Center

You are about to join the

Discussion : Id theft: Taking a swipe at two-factor authentication

Discussion is closed !

1-15 > 16-30> Total 20 comments

2006-12-16 06:25:14 -
Visit Pocahontas If I Never Knew You

2006-12-16 06:25:04 -
Visit Pocahontas If I Never Knew You

2006-12-15 16:19:07 -
Visit Developmental Reading Disorder

2005-04-15 04:19:24 -
Bruce Schneier's article implies that two-factor authentication is too out dated to be of any real use.

I believe that this is a very dangerous argument to be promoting, particularly since the existing username and password security that every service currently uses is not enough and criminals are easily compromising this fact already. In my experience the biggest hurdle is the get organisations to spend any money on any more advanced security solution.

Although second factor authentication using one-use changing passwords from a token device or from an SMS, can be compromised by some increasingly sophisticated attacks, they do stop most of the common existing ones. Key stroke loggers, standard phishing and other methods of just stealing static passwords can currently be used to passively generate databases of stolen login details.
They become obsolete with the implementation of second factor authentication.

I also believe that online businesses are at the threshold of a new phase of development where the old username and password combination will be complemented with increasingly sophisticated levels of security solutions. These businesses must invest in these solutions and their customers must be given a choice over the usage of them. The penalty for choosing not to use them may be limited functionality or increased costs elsewhere.

Second factor authentication will not be the final solution for online security but it is the most mature solution for the next phase of security developments.

2005-04-14 16:23:50 -
It is obvious where this is all headed anyway, I just read from there is a book coming out from
Katherine Albrecht called spy chips. How Government and Corporations Are Tracking Your Every Move. You want us to buy your twists here. Everyone needs to maintain their locked house as anything else. Keep and honest man honest with out a chip having out ID on it. Wake up and smell the burned circuit. Plus have you ever hear of a hacker?You might as well say we need Microsoft to hurry and come up with that human body bar code you are working on.

1-15 > 16-30>
Total 20 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo