Educause Security Discussion mailing list archives
Re: two-factor OTP systems
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 2 Apr 2009 10:38:49 -0400
jeff murphy wrote:
I'm looking for experiences/recommendations on two-factor OTP systems suitable for plugging into RADIUS and/or Active Directory. I'd be particularly interested in systems that can use smartphones as the token generator. Google lead me to: http://www.deepnetsecurity.com/products2/MobileID.asp but I haven't found much else on that front.
Did you get any other responses? I'm interested in using phones too. I ran across the following a while back but I'm getting ready to start looking again... http://www.phonefactor.com/ http://motp.sourceforge.net/ There is a lot of stuff on the net now http://www.google.com/search?q=cell+phone+authentication&hl=en&start=30&sa=N It seems to me using cellphones that most people carry these days as a second factor would do a lot to get rid of reusable passwords at a reasonable cost with a lot less impact than singe use token devices. This would be particularly useful for populations and applications where mandating a more traditional two factor system where justification was marginal. I know the cell phone based schemes aren't as strong as traditional 2-factor but if they're more likely to be implemented and stop 98% of the problems with reusable passwords, what's not to like? Stronger methods can be reserved for those applications where that 2% poses a high risk. Heck, even I finally broke down and got a cell phone a couple years ago when I said I never would. Now I'm looking for a smart phone (actually a mobile computer with voice capabilities). :) -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: two-factor OTP systems Russell Fulton (Mar 31)
- <Possible follow-ups>
- Re: two-factor OTP systems Bill Kyle (Apr 02)
- Re: two-factor OTP systems Gary Flynn (Apr 02)
- Re: two-factor OTP systems jeff murphy (Apr 02)
- Re: two-factor OTP systems jeff murphy (Apr 02)
- Re: two-factor OTP systems Tyler T. Schoenke (Apr 02)
- Re: two-factor OTP systems Tyler T. Schoenke (Apr 02)
- Re: two-factor OTP systems Matthew Dalton (Apr 02)
- Re: two-factor OTP systems Gary Dobbins (Apr 02)
- Re: two-factor OTP systems Kevin Schmidt (Apr 03)
- Re: two-factor OTP systems Nick Lewis (Apr 11)
- Re: two-factor OTP systems Russell Fulton (Apr 22)
- Re: two-factor OTP systems Dexter Caldwell (Apr 22)
(Thread continues...)