Security Basics mailing list archives
Re: 2-factor auth for all
From: Nick Owen <nickowen () mindspring com>
Date: Mon, 30 Oct 2006 08:24:42 -0500
Roman Mayor wrote:
All, I have a peculiar requirement regarding two factor authentication. I want to use USB tokens with passwords. I don't want to have any certificates stored on USB token. Only USB token with plain password on it ( its quite strange requirement). I have custom application and want the user the user to authenticate using the password stored in USB token (RSA USB token). I do not require any PKI or Encryption here. I am ready to customize the application to read the password from the USB token. My question is ...Is this possible ?? (be it less secure)..If yes, please help me with some facts /links, Thanks in Advance. Regards, Rome
If your custom app is a web app, for example, it would seem trivial to write a small application that posts the username and password hardcoded from the USB drive. I don't see the need for an RSA USB token, just use a drive. As you know, the security is extremely dubious, so I guess it is a convenience issue. Just for consideration: our open source java token will run on a USB drive and will launch the default browser to the correct web page (checking the SSL cert on the way) and it will autoload the OTP into the web page, which is pretty convenient, IMO. HTH, Nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication https://www.linkedin.com/in/nickowen --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- 2-factor auth for all Saqib Ali (Oct 24)
- Re: 2-factor auth for all Thierry Zoller (Oct 24)
- Re: 2-factor auth for all Nick Owen (Oct 25)
- <Possible follow-ups>
- Re: 2-factor auth for all Nick Owen (Oct 31)
- Re: 2-factor auth for all Thierry Zoller (Oct 24)