WebApp Sec mailing list archives
Re: Entrust - Identity Guard - Any experience?
From: Ralf Durkee <rd () rd1 net>
Date: Fri, 19 Aug 2005 20:38:56 -0400
Mary Ann Burns wrote:
> two-factor authentication is (1) something physical (USB key) with (2) something you know (pin). There is no such thing as 2-Factor authentication without a physical device.

I would like to wholeheartedly agree that 2 factor authentication *should be* something you have and something unique to the individual and something difficult to duplicate. However, I've found in most situations other "security professionals" are classifying the following as 2nd-factor authentication (when combined with a password).
1. Electronic certificates, X.509, SSL client certificates, SSH keys, pgp keys, whatever.
2. Software version of RSA secure-id, other software generated tokens or one-time-passwords.
My own opinion is that these are certainly better than 1 factor, but higher risk than the have-it-in-your-hand 2-factor authentication. Maybe they should be called 1.5 factor! However, I have generally found myself in the minority. What do people think?
-- Ralf Durkee, CISSP, GSEC, GCIH http://rd1.net