WebApp Sec mailing list archives
RE: 2-factor auth for all
From: "Nick Owen" <nowen () wikidsystems com>
Date: Tue, 24 Oct 2006 07:39:56 -0400
Seems like 2 factor auth (one time password) using token will soon be available to the general consumer. SanDisk will be adding the functionality of one-time-password, dubbed 'TrustedSignins', in their TrustedFlash device. Verisign and RSA are working with SanDisk to build this platform, which might put an end to phishing. See: http://www.sandisk.com/Corporate/PressRoom/PressReleases/Press Release.aspx?ID=3569
Saqib:

Accessible 2-factor authentication is great, but a couple of points:

1. It is unclear how this solution is more secure than just storing the token in a PKCS12 store on a USB drive.
2. Without mutual authentication, phishing attacks will still occur.
3. Even with mutual strong authentication, out-of-band transaction authentication may be needed to thwart trojans. In fact, I would argue that it would be better to validate transactions only with 2-factor.

I would also argue that availability has not been the issue in the lack of deployments.

--
Nick Owen
CEO
404-962-8983
WiKID Systems, Inc.
http://www.wikidsystems.com
http://sourceforge.net/projects/wikid-twofactor
Commercial/Open Source Two-Factor Authentication
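Point 3 of the reply above, as an added example that is not part of the original post and is not WiKID's, SanDisk's, Verisign's or RSA's protocol: a login one-time password leaves the transaction itself uncovered, while a code computed over the transaction details fails verification once those details are altered in transit. The key, field names, code length and counter scheme are constructed assumptions for illustration.

```python
import hashlib
import hmac
import struct

DIGITS = 8  # code length (constructed choice for this example)

def _code(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256, then RFC 4226-style dynamic truncation to a decimal code."""
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def canonical(tx: dict) -> bytes:
    """Unambiguous encoding: sorted fields, each name/value length-prefixed."""
    parts = [s.encode() for name in sorted(tx) for s in (name, str(tx[name]))]
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)

def login_otp(key: bytes, counter: int) -> str:
    """One-time password bound to the counter only (authenticates the session)."""
    return _code(key, struct.pack(">Q", counter))

def transaction_code(key: bytes, counter: int, tx: dict) -> str:
    """Code bound to the counter AND the transaction details the user approved."""
    return _code(key, struct.pack(">Q", counter) + canonical(tx))

def session_only_accepts(key: bytes, counter: int, received_tx: dict, otp: str) -> bool:
    """Login-only model: the OTP is checked, received_tx is never covered."""
    return hmac.compare_digest(login_otp(key, counter), otp)

def server_accepts(key: bytes, counter: int, received_tx: dict, code: str) -> bool:
    """Server recomputes the code over the transaction it actually received."""
    return hmac.compare_digest(transaction_code(key, counter, received_tx), code)

def demo() -> dict:
    key = b"constructed-demo-secret"  # constructed sample key
    approved = {"payee": "ACME-UTILITIES", "amount": "120.00", "currency": "USD"}
    altered = dict(approved, payee="OTHER-ACCOUNT", amount="9500.00")
    otp = login_otp(key, 7)                    # typed at login
    code = transaction_code(key, 7, approved)  # computed on the user's token
    return {
        "session_only_altered": session_only_accepts(key, 7, altered, otp),
        "bound_approved": server_accepts(key, 7, approved, code),
        "bound_altered": server_accepts(key, 7, altered, code),
        "bound_replayed": server_accepts(key, 8, approved, code),
    }

if __name__ == "__main__":
    print(demo())
```

The token-side computation assumes the user confirms the payee and amount on a device the trojan does not control; a code computed in the compromised browser would gain nothing.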