assurance - RE: [Assurance] can two-factor be hacked ?
Subject: Assurance
List archive
- From: "Jones, Mark B" <>
- To: "" <>
- Subject: RE: [Assurance] can two-factor be hacked ?
- Date: Mon, 10 Mar 2014 19:48:55 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
> Sorry, I'm late to the party but this old blog article by Bruce Schneier
is
> relevant:
>
> https://urldefense.proofpoint.com/v1/url?u=https://www.schneier.com/bl
> og/archives/2005/04/more_on_twofact.html&k=yYSsEqip9%2FcIjLHUhVwIq
> A%3D%3D%0A&r=o50KCUcRVN10tgtglyNVFw2kmizyPIIFTSGui%2BBSZ5A%3D
> %0A&m=RHWZLcPgkOIhmdr7DSt2hU6ShZDfvNvcdYRaIPHv4Fk%3D%0A&s=7f
> 8828ed3f773efbddbafdd8359d039f130a2a7af200ea8db31053e11e9fc5cb
>
> Briefly, Schneier's recommendation is: authenticate the transaction, not
the
> user.
[Jones, Mark B]
That seems like an oversimplification to me. I like how it is put in the
final paragraph of the blog:
"One way to think about this ... is that two-factor authentication solves
security problems involving authentication. The current wave of attacks
against financial systems are not exploiting vulnerabilities in the
authentication system, so two-factor authentication doesn't help."
I'm not sure how meaningful this blog is without understanding the specific
threats being discussed. But it seems to me that we are focused on
"problems involving authentication".
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- [Assurance] can two-factor be hacked ?, Steven Carmody, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, David Langenberg, 03/07/2014
- RE: [Assurance] can two-factor be hacked ?, Eric Goodman, 03/10/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/10/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Steven Carmody, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/10/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/10/2014
Archive powered by MHonArc 2.6.16.