Network Security: Detailed info on Re: Two-Factor Authentication on the Web

Subject:	Re: Two-Factor Authentication on the Web
Date:	Sat, 1 Jul 2006 00:46:41 +1000

Subject:

Re: Two-Factor Authentication on the Web

Date:

Sat, 1 Jul 2006 00:46:41 +1000


On 30/06/2006, at 4:03 PM, Tim wrote:

 the only way I see that you can accurately validate
someone would be through biometrics (something you are)


This is not possible, as:

All devices in general are tamperable and not trustworthy when in the hands of the attacker

Biometric devices have a long history of being little more than snake oil or toys. The good ones are significantly more expensive than ANY other form of actual 2FA authentication device

Many attacks against existing biometric devices are so trivial as to be a complete joke. Check out this page:

http://www.heise.de/ct/english/02/11/114/

Lastly, trustworthy biometric registration requires an in-person visit, thus negating any possibility of remote authentication.

No matter what 2FA device you use, evidence of identity is only as strong as the registration process. I'd prefer to see the initial registration (and recovery of registration) done only in-person. Otherwise the process is open to abuse by definition.

thanks,
Andrew

smime.p7s
Description: S/MIME cryptographic signature

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Two-Factor Authentication on the Web, (continued) Re: Two-Factor Authentication on the Web, Saqib Ali RE: Two-Factor Authentication on the Web, Harper.Matthew Re: Two-Factor Authentication on the Web, Tim Re: Two-Factor Authentication on the Web, Pete Herzog RE: Two-Factor Authentication on the Web, LM Directed phishing attacks- protection methods, Joshua Perrymon Re: Two-Factor Authentication on the Web, Devdas Bhagat Re: Two-Factor Authentication on the Web, Nick Owen Re: Two-Factor Authentication on the Web, Tim RE: Two-Factor Authentication on the Web, Christian Kanakis Re: Two-Factor Authentication on the Web, Andrew van der Stock <= Re: Two-Factor Authentication on the Web, Tim RE: Two-Factor Authentication on the Web, James Pujals Re: Two-Factor Authentication on the Web, Tim RE: Two-Factor Authentication on the Web, James Pujals Re: Two-Factor Authentication on the Web, Andrew van der Stock RE: Two-Factor Authentication on the Web, King, Stuart (REHQ-LON) RE: Two-Factor Authentication on the Web, Gaydosh, Adam RE: Two-Factor Authentication on the Web, Glenn.Everhart Re: Two-Factor Authentication on the Web, Andrew van der Stock RE: Two-Factor Authentication on the Web, Lyal Collins

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	RE: Two-Factor Authentication on the Web, Christian Kanakis
Next by Date:	Re: Two-Factor Authentication on the Web, Pete Herzog
Previous by Thread:	RE: Two-Factor Authentication on the Web, Christian Kanakis
Next by Thread:	Re: Two-Factor Authentication on the Web, Tim
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

RE: Two-Factor Authentication on the Web, Christian Kanakis

Next by Date:

Re: Two-Factor Authentication on the Web, Pete Herzog

Previous by Thread:

RE: Two-Factor Authentication on the Web, Christian Kanakis

Next by Thread:

Re: Two-Factor Authentication on the Web, Tim

Indexes:

[Date] [Thread] [Top] [All Lists]