schneier-clarifies-his-stance-on-two-factor

Posted by:

admin 15 years, 3 months ago

Bruce Schneier posted a clarification on his stance regarding two-factor authentication today.

Two-factor authentication is a long-overdue solution to the problem of passwords. I welcome its increasing popularity, but identity theft and bank fraud are not results of password problems; they stem from poorly authenticated transactions. The sooner people realize that, the sooner they'll stop advocating stronger authentication measures and the sooner security will actually improve.

Again, he's missing a couple of points.

First, it is simple to use strong authentication to authenticate transactions as well as sessions.

Second, some strong authentication systems, such as our strong authentication system can combat the "non-authentication" attacks Schneier describes. For example, the WiKID two-factor client will not generate a valid passcode if the DNS system is poisoned. We are working on extending WiKID in other ways as well.

Authors

admin (606)
root (66)

Feeds

RSS / Atom

schneier-clarifies-his-stance-on-two-factor

Posted by:

admin 15 years, 3 months ago

Recent Posts

Archive

2024

2022

2021

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Categories

Tags

Authors

Feeds

schneier-clarifies-his-stance-on-two-factor

Posted by: admin 15 years, 3 months ago

Recent Posts

Archive

2024

2022

2021

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Categories

Tags

Authors

Feeds

Posted by:

admin 15 years, 3 months ago