two factor authentication

Frank Cusack fcusack at fcusack.com
Sun Jul 23 17:40:43 EST 2006


I won't respond to the bulk of this mostly knee-jerk response, but ...

On July 23, 2006 8:03:13 AM +0300 Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> Jefferson Ogata wrote:
>> The point of multiple factors is to have a backup in case one of the
>> factors is compromised.
>
> No it doesn't. This is your interpretation.

umm, no, that IS the point of multiple factors.

> Two factors, when combined, giving you access to resources.
>
> If you want to have real security, use smartcards.
> If you don't use smartcards, then you don't have real security.

If you do use smartcards, you don't necessarily have real security.  It
depends on the environment.  I talked to a high-security (NSA+) guy
recently, smartcards weren't nearly secure enough for them.  They are
developing their own proprietary technology.

In the right environment, publickey from a usb fob is "real" security.
In the more general case, smartcards are probably secure.  But smartcards
could either be overkill or not enough.

-frank



More information about the openssh-unix-dev mailing list