Educause Security Discussion mailing list archives
Re: two-factor OTP systems
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 23 Apr 2009 07:54:40 +1200
On 3/04/2009, at 7:49 AM, Tyler T. Schoenke wrote:
I think the big advantage with text messages is that you can have thirty higher-risk accounts all sending texts to your cell phone. That is much nicer than carrying around thirty tokens.
Why would you have 30 tokens? We use RSA Securid tokens to secure a variety of systems. I carry one token. It i just one more centralised authentication system. RSA and others have soft tokens that run in phones as well. One catch with the sms verification is tha sms is not a 'reliable' protocol. Messages do occasionally get lost and sometimes delayed, quite apart from the issues of flat batteries and the like. Personally I would not want to rely on cell phone for timely access to critical systems. That not to say that there are some applications where this model may work well -- password resets for instance? Russell
Current thread:
- Re: two-factor OTP systems, (continued)
- Re: two-factor OTP systems Bill Kyle (Apr 02)
- Re: two-factor OTP systems Gary Flynn (Apr 02)
- Re: two-factor OTP systems jeff murphy (Apr 02)
- Re: two-factor OTP systems jeff murphy (Apr 02)
- Re: two-factor OTP systems Tyler T. Schoenke (Apr 02)
- Re: two-factor OTP systems Tyler T. Schoenke (Apr 02)
- Re: two-factor OTP systems Matthew Dalton (Apr 02)
- Re: two-factor OTP systems Gary Dobbins (Apr 02)
- Re: two-factor OTP systems Kevin Schmidt (Apr 03)
- Re: two-factor OTP systems Nick Lewis (Apr 11)
- Re: two-factor OTP systems Russell Fulton (Apr 22)
- Re: two-factor OTP systems Dexter Caldwell (Apr 22)
- Re: two-factor OTP systems jeff murphy (Apr 22)
- Re: two-factor OTP systems Greg Vickers (Apr 22)
- Re: two-factor OTP systems Ken Connelly (Apr 23)
- Re: two-factor OTP systems Dexter Caldwell (Apr 23)
- Re: two-factor OTP systems Dexter Caldwell (Apr 23)
- Re: two-factor OTP systems Chris Gauthier (Jun 13)