Comments
What One-Time Passwords Could Do For Mobile
JonathonT
JonathonT,
User Rank: Apprentice
2/23/2012 | 6:46:36 AM
re: What One-Time Passwords Could Do For Mobile
I agree that this additional hardware is a huge problem. I don't see this catching on widely unless it can be integrated into all mobile devices including phones and tablets. Otherwise, it will fall by the wayside as just yet another security token device. Some companies might enforce a security policy that requires that you have it as their employee, like carrying a badge or keycard, but other than that, the reasons for carrying another device will never be compelling enough for the average user. On the other hand, what if it were integrated into something that can be inserted into all mobile devices, like a microSD card that can automatically use a combination button-press/biometric fingerprint scan on its host device to release the one-time password? However, in that case, the microSD tokens will be commonly lost as devices are stolen or someone forgets to remove their microSD card. Plus, it is unlikely that all mobile devices across all makers, models, and device types will allow such a common and freely available button-press/biometric scan API. Is it safe to say that this is strictly a business security solution?

--- Jonathon

cloudfilesecurity.biz
Sabrina
Sabrina,
User Rank: Apprentice
2/23/2012 | 6:43:29 AM
re: What One-Time Passwords Could Do For Mobile
Password and username which is must is good for the respective ids along with it this problem along the OTP gives a great struggle.
kmarko
kmarko,
User Rank: Strategist
2/23/2012 | 1:08:04 AM
re: What One-Time Passwords Could Do For Mobile
Re: app support. That's why Yubico's support for federated authentication systems and standards like OAuth and SAML is so important. Look at how many services are already tied to your Google, Twitter, Facebook, Windows Live or iTunes account. Most cloud services don't want to reinvent the user account/identity/authentication wheel and would rather just leverage what Google, Microsoft and Apple have already put together. If just a few of these (Google already does) support federated OTP, it could make a big difference.

User acceptance is a tougher issue, but dead simple devices like YubiKey certainly mitigate this. Having your ID stolen also tends to focus the mind. It's like the old saw that a conservative is a liberal who got mugged. As another commenter pointed out, smartphone-based biometrics might be another option, but unless these use the biometric with some sort of embedded TPM chip to generate an OTP, they're still subject to MITM and replay attacks.
JGUNN600
JGUNN600,
User Rank: Apprentice
2/22/2012 | 5:02:23 PM
re: What One-Time Passwords Could Do For Mobile
Kurt, I liked your piece and its forward-looking perspective. You nailed it when you brought up the issue of users carrying an extra device for authentication - they won't! Gartner, and other analysts, along with user trials will attest to this fact. Mobile enables OOBA and voice biometrics (maybe facial too) and opens new frontiers in security.

