
RE: 2-factor auth for all

Subject: RE: 2-factor auth for all
Date: Tue, 24 Oct 2006 07:39:56 -0400
Seems like 2-factor auth (one-time password) using a token will 
soon be available to the general consumer.

SanDisk will be adding the functionality of 
one-time-password, dubbed 'TrustedSignins', in their 
TrustedFlash device.

Verisign and RSA are working with SanDisk to build this 
platform, which might put an end to phishing.

See:
http://www.sandisk.com/Corporate/PressRoom/PressReleases/PressRelease.aspx?ID=3569

Saqib:

Accessible 2-factor authentication is great, but a couple of points:

1. It is unclear how this solution is more secure than just storing the
token in a PKCS12 store on a USB drive.

2. Without mutual authentication, phishing attacks will still occur. 

3. Even with mutual strong authentication, out-of-band transaction
authentication may be needed to thwart trojans. 

In fact, I would argue that it would be better to validate transactions only
with 2-factor.  I would also argue that availability has not been the issue
in the lack of deployments.

--
Nick Owen
CEO
404-962-8983
WiKID Systems, Inc. 
http://www.wikidsystems.com
http://sourceforge.net/projects/wikid-twofactor
Commercial/Open Source Two-Factor Authentication    
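
Point 3 of the reply above, as an added illustration that is not part of the original message and is not WiKID's, SanDisk's, VeriSign's or RSA's implementation: a login-time one-time password says nothing about which transaction is later submitted, while a code bound to the payee and amount fails when those details are changed in transit. The HMAC construction, the key, the payee names and all function names are assumptions made for this example, and the token is assumed to show the payee and amount on its own display (the out-of-band channel).

```python
import hashlib
import hmac

# Constructed demo secret shared by the user's token and the server (assumption).
TOKEN_KEY = b"constructed-demo-token-key"


def short_code(key: bytes, message: str, digits: int = 6) -> str:
    """HOTP-style truncation of HMAC-SHA256(message) to a short decimal code."""
    mac = hmac.new(key, message.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def login_code(key: bytes, counter: int) -> str:
    """Session-level OTP: bound to a counter only, not to any transaction."""
    return short_code(key, f"login|{counter}")


def transaction_code(key: bytes, counter: int, payee: str, cents: int) -> str:
    """Code bound to the payee and amount the user confirmed on the token."""
    return short_code(key, f"txn|{counter}|{payee}|{cents}")


def accepts_login_only(key, counter, code, payee, cents) -> bool:
    """Weak model: a valid login OTP authorises whatever the session submits."""
    return hmac.compare_digest(code, login_code(key, counter))


def accepts_transaction(key, counter, code, payee, cents) -> bool:
    """Stronger model: the code must match the transaction the server received."""
    return hmac.compare_digest(code, transaction_code(key, counter, payee, cents))


def demo() -> dict:
    intended = ("ACME-UTILITIES", 12_500)  # what the user means to pay (constructed)
    altered = ("UNKNOWN-PAYEE", 950_000)   # what a compromised browser submits (constructed)
    otp = login_code(TOKEN_KEY, 1)
    txn = transaction_code(TOKEN_KEY, 2, *intended)
    return {
        "login_only_accepts_altered": accepts_login_only(TOKEN_KEY, 1, otp, *altered),
        "txn_bound_accepts_intended": accepts_transaction(TOKEN_KEY, 2, txn, *intended),
        "txn_bound_accepts_altered": accepts_transaction(TOKEN_KEY, 2, txn, *altered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```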

