assurance - [Assurance] silver and two-factor ...

Subject: Assurance

List archive

[Assurance] silver and two-factor ...

From: Steven Carmody <>
To:
Subject: [Assurance] silver and two-factor ...
Date: Tue, 13 Mar 2012 12:48:10 -0400

I'm wondering why so many sites that are interested in Silver are so interested in two-factor....

I haven't looked at the Silver profile in a long time. But, my memory is that strong passwords, stored sufficiently securely, and not replicated into uncontrolled environments (eg google), would pass muster with Silver. I'm assuming, of course, that the other Silver criteria (eg around identity proofing, account claiming, etc) would also be met.

I can imagine that there may be issues with those passwords passing through a variety of systems (eg systems that are then authenticating users against a central ldap, for instance). But, that's just a guess -- I would be interested in hearing about specific concerns that are driving sites toward two-factor.

Thanks for any light you can shine on this!

[Assurance] silver and two-factor ..., Steven Carmody, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Caskey, Paul, 03/13/2012
  - RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
    - Re: [Assurance] silver and two-factor ..., Frazier, William S [ITSYS], 03/13/2012
      - RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
      - RE: [Assurance] silver and two-factor ..., Dunker, Mary, 03/13/2012
        
        Re: [Assurance] silver and two-factor ..., Christopher Bongaarts, 03/13/2012
        
        RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
        
        Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
        
        RE: [Assurance] silver and two-factor ..., Farmer, Jacob, 03/13/2012

List archive

[Assurance] silver and two-factor ...