IoT
IoT
IT Life
Commentary
3/21/2016
03:06 PM
Brian Moore
Brian Moore
Commentary
50%
50%

Comic: Two-Factor Authentication

Security is a top priority, and with biometric security starting to look less secure, we're going to have to get creative.

Whatever it is, it sure beats someone cutting off your hand to break into a building, like they do in the movies.

Brian Moore is a cartoonist and illustrator. His first brush with the world of IT was a very part-time gig applying software patches on a TRS-80 Model III. The patches were about four lines long and arrived in the mail, typed on letterhead. He has since moved on to computers ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/26/2016 | 8:55:42 AM
Re: Two Factors?
@TerryB: I suspect that for these reasons, the conversation will shift to three-factor authentication (something you know, something you have, AND something you are) within the next 8-12 years.
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Author
3/24/2016 | 8:26:07 PM
Re: Two Factors?
Brian, in what movie they cut off someone's hand to brake into a building? -Susan
impactnow
50%
50%
impactnow,
User Rank: Ninja
3/23/2016 | 11:02:57 PM
Re: Two Factors?
Authentication just might be catching up to our forgetfulness and all the divergent password requirements - I was r e recently authorized authenticated with my voice!
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/23/2016 | 7:45:59 PM
Re: Two Factors?
Definitely!  If they have your phone you are dead in the water, unfortunately, if you've saved your password.  Unless you have the code generator on another device.  I have mine on my iPad.
TerryB
50%
50%
TerryB,
User Rank: Ninja
3/23/2016 | 1:22:20 PM
Re: Two Factors?
But if someone picked up your phone and launched app with saved password, wouldn't site just send extra code you need to same phone? At least that's what my bank would do, defeating whole purpose of two factor.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/23/2016 | 1:03:41 PM
Re: Two Factors?
What is awesome is that even if you save the passwords it still requires you to use the code to have access.  It's a fantastic solution for prying eyes...
TerryB
50%
50%
TerryB,
User Rank: Ninja
3/23/2016 | 12:57:13 PM
Re: Two Factors?
I'm assuming you don't save your email passwords on that phone though, correct? I've seen my wife use the save feature for convenience. Then if you lose phone, better hope you have your screen lock pin code set and it is kicked in. I'm too lazy to set that, I just make sure I don't have anything on phone I care about losing. Plus I rarely even take the thing with me. I have the most expensive alarm clock and Pandora player in the world, just sitting in my house most of time. :-) Work pays for it, that way they can reach me when I am on vacation or something.

And nobody uses the FBI's new ploy to copy chip config so they can run brute force crack without bricking phone. :-)  I'm interested to see if that works, sure seems simple enough. Well, assuming you have hardware to make copy of flash memory contents anyway.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/23/2016 | 12:44:56 PM
Re: Two Factors?
@TerryB - I use this method for accessing several personal email accounts and it is pretty difficult to circumvent.  I also have used a code generator app instead of a text message, and that works just as well.  
TerryB
50%
50%
TerryB,
User Rank: Ninja
3/22/2016 | 1:10:58 PM
Re: Two Factors?
@jastroff, you mean because the app/password is built into the same phone as text gets sent to? I recognized that flaw in my bank's technique right away, make sure I never use my phone to do online banking. Other than that, text msg to a predefined number is pretty secure. The key is to make sure the two factors are physically separated. If a RAT infects my desktop I do banking from, don't see how they would get around the secure code it sends to my phone as the next step.

If you know something about an easy hack to intercept text to phone, send me a link to the info.
jastroff
50%
50%
jastroff,
User Rank: Ninja
3/22/2016 | 9:34:25 AM
Two Factors?
@brian - amusing. I've always thought that sending a text message as a more secure idea is less than secure, and this points out that maybe we can think of other things
Page 1 / 2   >   >>
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of August 14, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.