two factor authentication
Alon Bar-Lev
alon.barlev at gmail.com
Tue Jul 25 15:17:06 EST 2006
Jefferson Ogata wrote:
> Well, I was actually provisionally agreeing with you that with a
> smartcard from which the key is not directly accessible, yes you may
> arguably have two factors. But I don't think the White House will
> consider it so.
Why do you guess? Ask them!
Smartcard *IS* two factor, this is why they exist. There is no
better security solution than smartcards.
You can, how-ever, wish your users to enter the password for the
smartcard and then enter the password for the server. But I really
pity your users.
If you don't trust your users you can provide them with a smartcard
with a pre-defined complex-enough password, they cannot change.
The result is smartcard being locked if someone try to guess that
password.
You can also consider biometric enabled smartcards, and have 3 factors.
But biometric is the worse from user perspective.
Best Regards,
Alon Bar-Lev.
More information about the openssh-unix-dev
mailing list