Comments
What One-Time Passwords Could Do For Mobile
JonathonT
User Rank: Apprentice
2/23/2012 | 6:46:36 AM
re: What One-Time Passwords Could Do For Mobile
I agree that this additional hardware is a huge problem. I don't see this catching on widely unless it can be integrated into all mobile devices including phones and tablets. Otherwise, it will fall by the wayside as just yet another security token device. Some companies might enforce a security policy that requires that you have it as their employee, like carrying a badge or keycard, but other than that, the reasons for carrying another device will never be compelling enough for the average user. On the other hand, what if it were integrated into something that can be inserted into all mobile devices, like a microSD card that can automatically use a combination button-press/biometric fingerprint scan on its host device to release the one-time password? However, in that case, the microSD tokens will be commonly lost as devices are stolen or someone forgets to remove their microSD card. Plus, it is unlikely that all mobile devices across all makers, models, and device types will allow such a common and freely available button-press/biometric scan API. Is it safe to say that this is strictly a business security solution?

--- Jonathon

cloudfilesecurity.biz
Sabrina
User Rank: Apprentice
2/23/2012 | 6:43:29 AM
re: What One-Time Passwords Could Do For Mobile
Password and username which is must is good for the respective ids along with it this problem along the OTop gives a great struggle.
kmarko
User Rank: Strategist
2/23/2012 | 1:08:04 AM
re: What One-Time Passwords Could Do For Mobile
Re: app support. That's why Yubico's support for federated authentication systems and standards like OAuth and SAML is so important. Look at how many services are already tied to your Google, Twitter, Facebook, Windows Live or iTunes account. Most cloud services don't want to reinvent the user account/identity/authentication wheel and would rather just leverage what Google, Microsoft and Apple have already put together. If just a few of these (Google already does) support federated OTP, it could make a big difference.

User acceptance is a tougher issue, but dead simple devices like YubiKey certainly mitigate this. Having your ID stolen also tends to focus the mind. It's like the old saw that a conservative is a liberal who got mugged. As another commenter pointed out, smartphone-based biometrics might be another option, but unless these use the biometric with some sort of embedded TPM chip to generate an OTP, they're still subject to MITM and replay attacks.
JGUNN600
User Rank: Apprentice
2/22/2012 | 5:02:23 PM
re: What One-Time Passwords Could Do For Mobile
Kurt, I liked your piece and its forward-looking perspective. You nailed it when you brought up the issue of users carrying an extra device for authentication - they won't! Gartner, and other analysts, along with user trials will attest to this fact. Mobile enables OOBA and voice biometrics (maybe facial too) and opens new frontiers in security.

