Schneier clarifies his stance on two-factor

Bruce Schneier posted a clarification on his stance regarding two-factor authentication today.

Two-factor authentication is a long-overdue solution to the problem of passwords. I welcome its increasing popularity, but identity theft and bank fraud are not results of password problems; they stem from poorly authenticated transactions. The sooner people realize that, the sooner they'll stop advocating stronger authentication measures and the sooner security will actually improve.

Again, he's missing a couple of points.

  • First, it is simple to use strong authentication to authenticate transactions as well as sessions.
  • Second, some strong authentication systems, such as ours, can combat the "non-authentication" attacks Schneier describes. For example, the WiKID two-factor client will not generate a valid passcode if the DNS system is poisoned. We are working on extending WiKID in other ways as well.