Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 2-factor auth for all

From: Nick Owen <nickowen () mindspring com>
Date: Mon, 30 Oct 2006 08:24:42 -0500
Roman Mayor wrote:

All,
  
  I have a peculiar requirement regarding two factor authentication. I
want to use USB tokens with passwords. I don't want to have any
certificates stored on USB token. Only USB token with plain password on
it (
its quite strange requirement).
  
  I have custom application and want the user the user to authenticate
using the password stored in USB token (RSA USB token). I do not
require any PKI or Encryption here. I am ready to customize the application
to read the password from the USB token.
  
  My question is ...Is this possible ?? (be it less secure)..If yes,
please help me with some facts /links,
  
  Thanks in Advance.
  
  Regards,
  
  Rome


If your custom app is a web app, for example, it would seem trivial to
write a small application that posts the username and password hardcoded
from the USB drive. I don't see the need for an RSA USB token, just use
a drive.  As you know, the security is extremely dubious, so I guess it
is a convenience issue.  Just for consideration:  our open source java
token will run on a USB drive and will launch the default browser to the
correct web page (checking the SSL cert on the way) and it will autoload
the OTP into the web page, which is pretty convenient, IMO.

HTH,

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: