Comments
What One-Time Passwords Could Do For Mobile
JonathonT
User Rank: Apprentice
2/23/2012 | 6:46:36 AM
re: What One-Time Passwords Could Do For Mobile
I agree that this additional hardware is a huge problem. I don't see this catching on widely unless it can be integrated into all mobile devices including phones and tablets. Otherwise, it will fall by the wayside as just yet another security token device. Some companies might enforce a security policy that requires that you have it as their employee, like carrying a badge or keycard, but other than that, the reasons for carrying another device will never be compelling enough for the average user. On the other hand, what if it were integrated into something that can be inserted into all mobile devices, like a microSD card that can automatically use a combination button-press/biometric fingerprint scan on its host device to release the one-time password? However, in that case, the microSD tokens will be commonly lost as devices are stolen or someone forgets to remove their microSD card. Plus, it is unlikely that all mobile devices across all makers, models, and device types will allow such a common and freely available button-press/biometric scan API. Is it safe to say that this is strictly a business security solution?

--- Jonathon

cloudfilesecurity.biz
Sabrina
User Rank: Apprentice
2/23/2012 | 6:43:29 AM
re: What One-Time Passwords Could Do For Mobile
Password and username which is must is good for the respective ids along with it this problem along the OTop gives a great struggle
kmarko
User Rank: Strategist
2/23/2012 | 1:08:04 AM
re: What One-Time Passwords Could Do For Mobile
Re: app support. That's why Yubico's support for federated authentication systems and standards like OAuth and SAML is so important. Look at how many services are already tied to your Google, Twitter, Facebook, Windows Live or iTunes account. Most cloud services don't want to reinvent the user account/identity/authentication wheel and would rather just leverage what Google, Microsoft and Apple have already put together. If just a few of these (Google already does) support federated OTP, it could make a big difference.

User acceptance is a tougher issue, but dead simple devices like YubiKey certainly mitigate this. Having your ID stolen also tends to focus the mind. It's like the old saw that a conservative is a liberal who got mugged. As another commenter pointed out, smartphone-based biometrics might be another option, but unless these use the biometric with some sort of embedded TPM chip to generate an OTP, they're still subject to MITM and replay attacks.
JGUNN600
User Rank: Apprentice
2/22/2012 | 5:02:23 PM
re: What One-Time Passwords Could Do For Mobile
Kurt, I liked your piece and its forward-looking perspective. You nailed it when you brought up the issue of users carrying an extra device for authentication - they won't! Gartner, and other analysts, along with user trials will attest to this fact. Mobile enables OOBA and voice biometrics (maybe facial too) and opens new frontiers in security.

