Comic: Two-Factor Authentication - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Life
Commentary
3/21/2016
03:06 PM
Brian Moore
Brian Moore
Commentary
50%
50%

Comic: Two-Factor Authentication

Security is a top priority, and with biometric security starting to look less secure, we're going to have to get creative.

Whatever it is, it sure beats someone cutting off your hand to break into a building, like they do in the movies.

Brian Moore is a cartoonist and illustrator. His first brush with the world of IT was a very part-time gig applying software patches on a TRS-80 Model III. The patches were about four lines long and arrived in the mail, typed on letterhead. He has since moved on to computers ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
3/26/2016 | 8:55:42 AM
Re: Two Factors?
@TerryB: I suspect that for these reasons, the conversation will shift to three-factor authentication (something you know, something you have, AND something you are) within the next 8-12 years.
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Author
3/24/2016 | 8:26:07 PM
Re: Two Factors?
Brian, in what movie they cut off someone's hand to brake into a building? -Susan
impactnow
50%
50%
impactnow,
User Rank: Author
3/23/2016 | 11:02:57 PM
Re: Two Factors?
Authentication just might be catching up to our forgetfulness and all the divergent password requirements - I was r e recently authorized authenticated with my voice!
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/23/2016 | 7:45:59 PM
Re: Two Factors?
Definitely!  If they have your phone you are dead in the water, unfortunately, if you've saved your password.  Unless you have the code generator on another device.  I have mine on my iPad.
TerryB
50%
50%
TerryB,
User Rank: Ninja
3/23/2016 | 1:22:20 PM
Re: Two Factors?
But if someone picked up your phone and launched app with saved password, wouldn't site just send extra code you need to same phone? At least that's what my bank would do, defeating whole purpose of two factor.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/23/2016 | 1:03:41 PM
Re: Two Factors?
What is awesome is that even if you save the passwords it still requires you to use the code to have access.  It's a fantastic solution for prying eyes...
TerryB
50%
50%
TerryB,
User Rank: Ninja
3/23/2016 | 12:57:13 PM
Re: Two Factors?
I'm assuming you don't save your email passwords on that phone though, correct? I've seen my wife use the save feature for convenience. Then if you lose phone, better hope you have your screen lock pin code set and it is kicked in. I'm too lazy to set that, I just make sure I don't have anything on phone I care about losing. Plus I rarely even take the thing with me. I have the most expensive alarm clock and Pandora player in the world, just sitting in my house most of time. :-) Work pays for it, that way they can reach me when I am on vacation or something.

And nobody uses the FBI's new ploy to copy chip config so they can run brute force crack without bricking phone. :-)  I'm interested to see if that works, sure seems simple enough. Well, assuming you have hardware to make copy of flash memory contents anyway.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/23/2016 | 12:44:56 PM
Re: Two Factors?
@TerryB - I use this method for accessing several personal email accounts and it is pretty difficult to circumvent.  I also have used a code generator app instead of a text message, and that works just as well.  
TerryB
50%
50%
TerryB,
User Rank: Ninja
3/22/2016 | 1:10:58 PM
Re: Two Factors?
@jastroff, you mean because the app/password is built into the same phone as text gets sent to? I recognized that flaw in my bank's technique right away, make sure I never use my phone to do online banking. Other than that, text msg to a predefined number is pretty secure. The key is to make sure the two factors are physically separated. If a RAT infects my desktop I do banking from, don't see how they would get around the secure code it sends to my phone as the next step.

If you know something about an easy hack to intercept text to phone, send me a link to the info.
jastroff
50%
50%
jastroff,
User Rank: Ninja
3/22/2016 | 9:34:25 AM
Two Factors?
@brian - amusing. I've always thought that sending a text message as a more secure idea is less than secure, and this points out that maybe we can think of other things
Page 1 / 2   >   >>
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Convince Wary Customers to Share Personal Information
John Edwards, Technology Journalist & Author,  6/17/2019
Commentary
The Art and Science of Robot Wrangling in the AI Era
Guest Commentary, Guest Commentary,  6/11/2019
White Papers
Register for InformationWeek Newsletters
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features — fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll