two factor authentication
Frank Cusack
fcusack at fcusack.com
Sun Jul 23 17:40:43 EST 2006
I won't respond to the bulk of this mostly knee-jerk response, but ...
On July 23, 2006 8:03:13 AM +0300 Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> Jefferson Ogata wrote:
>> The point of multiple factors is to have a backup in case one of the
>> factors is compromised.
>
> No it doesn't. This is your interpretation.
umm, no, that IS the point of multiple factors.
> Two factors, when combined, giving you access to resources.
>
> If you want to have real security, use smartcards.
> If you don't use smartcards, then you don't have real security.
If you do use smartcards, you don't necessarily have real security. It
depends on the environment. I talked to a high-security (NSA+) guy
recently, smartcards weren't nearly secure enough for them. They are
developing their own proprietary technology.
In the right environment, publickey from a usb fob is "real" security.
In the more general case, smartcards are probably secure. But smartcards
could either be overkill or not enough.
-frank
More information about the openssh-unix-dev
mailing list