Firewall Wizards mailing list archives

Re: SecureID vs Certificates


From: "Marcus J. Ranum" <mjr () nfr com>
Date: Tue, 13 Feb 2001 14:30:04 -0500

Tony Miedaner wrote:
it would seem to me that certificates would be a reasonable form of two factor authentication

I'm sure lots of people would consider certificates a 2-factor
authentication, but I don't. The definition of "2-factor" usually
is something like this:
        "something you _have_ plus something you _know_"
I'd like to change it to:
        "something you _uniquely_ _have_ plus something you _know_"

As a file on a hard disk, a certificate is not guaranteed to be unique.
A SecurID token is not _guaranteed_ to be unique - someone with
the key could duplicate a token - but barring extraordinary measures
you'll have a chance of catching them when they attempt to steal
your token.

I guess another way of putting it is that a desirable property of a
real 2-factor system is that if the physical factor is stolen, you
can _tell_. (For typical values of "stolen")

mjr.
---
Marcus J. Ranum,  Chief Technology Officer, Network Flight Recorder, Inc.
Work:  http://www.nfr.net
Play: http://www.ranum.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

