Skip to main content

schneier-clarifies-his-stance-on-two-factor

Bruce Schneier posted a clarification on his stance regarding two-factor authentication today.

Two-factor authentication is a long-overdue solution to the problem of passwords. I welcome its increasing popularity, but identity theft and bank fraud are not results of password problems; they stem from poorly authenticated transactions. The sooner people realize that, the sooner they'll stop advocating stronger authentication measures and the sooner security will actually improve.

Again, he's missing a couple of points.

  • First, it is simple to use strong authentication to authenticate transactions as well as sessions.
  • Second, some strong authentication systems, such as our strong authentication system can combat the "non-authentication" attacks Schneier describes. For example, the WiKID two-factor client will not generate a valid passcode if the DNS system is poisoned. We are working on extending WiKID in other ways as well.
  • Current rating: 1

    Recent Posts

    Archive

    2024
    2022
    2021
    2019
    2018
    2017
    2016
    2015
    2014
    2013
    2012
    2011
    2010
    2009
    2008

    Categories

    Tags

    Authors

    Feeds

    RSS / Atom