Security Basics mailing list archives

RE: Multi-Factor Authentication Concern

From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 15 Aug 2007 12:11:40 -0700

  The nuclear launch safeguard is NOT an example of "Multi-Factor
Authentication", but of "Segregation of Duties".  (It's an unusual 
case in that the segregation can apparently be completely symmetric
-- not usually the case in business! -- but that's not relevant to
this discussion.)

  Each launch operator is effectively both identified and 
authenticated by their key.  The security here is not robustness 
of authentication (presumably physical access to the site is 
considered sufficient...), but controlling against rogue internals 
by requiring collusion.
  It's the use of a different sort of control to mitigate against 
a different kind of security threat.

David Gillett

Current thread:

RE: Multi-Factor Authentication Concern, (continued)
- - - RE: Multi-Factor Authentication Concern David Harley (Aug 15)
    - RE: Multi-Factor Authentication Concern Devin Rambo (Aug 14)
    - Re: Multi-Factor Authentication Concern Chad Perrin (Aug 15)
    - Re: Multi-Factor Authentication Concern Roch (Aug 14)
    - RE: Multi-Factor Authentication Concern Tony Reusser (Aug 15)
    - RE: Multi-Factor Authentication Concern Uber Wannabe (Aug 15)
    - RE: Multi-Factor Authentication Concern Mngadi, Simphiwe (SS) (Aug 16)
    - RE: Multi-Factor Authentication Concern Mngadi, Simphiwe (SS) (Aug 15)
    - Re: Multi-Factor Authentication Concern Mike Lococo (Aug 14)
    - RE: Multi-Factor Authentication Concern Tep, Tom M. (CDC/CCHP/NCCDPHP) (Aug 15)
    - RE: Multi-Factor Authentication Concern David Gillett (Aug 15)
    - Re: Multi-Factor Authentication Concern Cristina & Fernando (Aug 15)
    - Re: Multi-Factor Authentication Concern Ryan Chow (Aug 16)
    - RE: Multi-Factor Authentication Concern Mngadi, Simphiwe (SS) (Aug 16)
    - Re: Multi-Factor Authentication Concern Cristina & Fernando (Aug 16)
    - RE: Multi-Factor Authentication Concern Mngadi, Simphiwe (SS) (Aug 16)
    - Re: Multi-Factor Authentication Concern Cristina & Fernando (Aug 16)
    - RE: Multi-Factor Authentication Concern Justin Ross (Aug 16)
    - RE: Multi-Factor Authentication Concern Uber Wannabe (Aug 16)
    - RE: Multi-Factor Authentication Concern Mngadi, Simphiwe (SS) (Aug 17)
    - Re: Multi-Factor Authentication Concern Mark Boots (Aug 17)

(Thread continues...)