Re: Two factor Authentication

[Neil Matatall <nmatatal () UCI EDU>]

> Hence, quick-turn reuse attacks are unsuccessful.

My experience is that once you use a RSA SecurID token code it cannot be
used again even if it is within the one minute period.

Message=ACCESS DENIED, multiple auths (Login: <username>

> We've used SafeWord, from (formerly) Secure Computing (now from Aladdin)
> for several years.  It's a lot like the others (e.g. RSA) but is different
> in that its tokens are not time-sync'd (they seem instead to be
> sequence-sync'd), and so each press of the button yields a one-time
> password that is immediately invalid once used.  Hence, quick-turn reuse
> attacks are unsuccessful.  With time-sync'd tokens, the same password may
> work for a given interval, such as  a minute.  Perhaps my info is dated
> and this risk has been mitigated in those products.
>
> You may want to look at nuances like that as you make your selection.
>
>
>
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James C Farr '05
> Sent: Thursday, September 24, 2009 3:29 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Two factor Authentication
>
> We are looking at two-factor authentications options for people to use
> when traveling.
>
> Does anyone have good or bad experiences they can share?
> If so what Solution did you choose?
> Why did you chose the that solution?
>
> Thank you for your input.
>
> James Farr
> Information Security Officer
> Instructional Technologist
> Utica College
> jfarr () utica edu<mailto:jfarr () utica edu>
> 315-223-2386