Posted by:
admin
16 years, 3 months ago
Network World has given Bruce Schneier a chance to clarify his position that strong authentication is "Too Little Too Late" and has given RSA's CTO, Joe Uniejewski, a chance to rebut.While Schneier does clarify that he's not against strong authentication, he seems to think it's not going to be effective against identity theft and fraud. He references the fact that credit card companies pay little attention to authenticating the identity of the individual and focus on authenticating the transaction. However, he seems to think that two-factor authentication can't do this! As I have discussed before why not?? This seems like a great solution. Log in with your password, but when you want to do a transaction, give us the one-time password.
Uniejewski's response misses this fact, unfortunately. He indicates that RSA is looking at ways to "raise the standard authentication interfaces".
Both authors agree that passwords are past their prime.
It's a complex issue that threatens online banking and ecommerce. There are a number of attacks on the client, the servers and the network that make it difficult for one single solution to fix all the problems. If you look at the credit card processing systems and ATM systems out there, you can see the complexity that has developed to address security. It is important to remember that it is an ongoing battle and also that the risk needs to be minimized to a point where it can be insured against. Share on Twitter Share on Facebook
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)