two factor authentication

Chris Rapier rapier at psc.edu
Wed Jul 26 03:44:55 EST 2006



Alon Bar-Lev wrote:
> Chris Rapier wrote:
>>
>>
>> Alon Bar-Lev wrote:
>>
>>> Smartcard *IS* two factor, this is why they exist. There is no
>>> better security solution than smartcards.
>>
>> Of course, smartcards can be easily defeated by a sufficiently scary 
>> person holding a pair of garden shears. ;)
>>
> 
> Well... I am not a native English speaker... What does it mean?
> 
> Do you actually think there is a better security mechanism than smartcards?

The idea is that almost every security solution can be broken if the 
person trying to break it is sufficiently ruthless. Things like 
smart-cards, fobs, two factor authentication and so forth are really 
only effective at one class of security attacks where the technology is 
targeted.

However, the weakest link in any security chain is always the human. If 
you *physically* attack the human then it's very easy to gain access to 
most any system. The mental image I was trying to convey above is someone who 
wants access to your systems and is willing to cut off your toes and 
fingers with a pair of garden shears to get in. While some might 
consider this to be extreme I'm personally surprised it's not being done 
with some frequency.

Now is there a better solution than smartcards? Well, smart cards are a 
compromise between security and convenience. They provide reasonably 
good security but it's not perfect. In fact, if you think about it ATM 
cards are two factor security - very much like smartcards - you need the 
card and the PIN to access your money. However, a little ingenuity and 
you come up with
http://www.snopes.com/crime/warnings/atmcamera.asp
http://www.crimes-of-persuasion.com/Crimes/InPerson/atm_scams.htm
and
http://www.engadget.com/2005/03/29/beware-phony-atm-facades/

Anyway, this doesn't have much to do with OpenSSH. My point was really 
just that most any security protocol can be broken by someone who is 
determined enough to do it.



More information about the openssh-unix-dev mailing list