Firewall Wizards mailing list archives
Re: SecureID vs Certificates
From: "Marcus J. Ranum" <mjr () nfr com>
Date: Tue, 13 Feb 2001 14:30:04 -0500
Tony Miedaner wrote:
it would seem to me that certificates would be a reasonable form of two factor authentication
I'm sure lots of people would consider certificates a 2-factor authentication, but I don't. The definition of "2-factor" usually is something like this: "something you _have_ plus something you _know_" I'd like to change it to: "something you _uniquely_ _have_ plus something you _know_" As a file on a hard disk, a certificate is not guaranteed to be unique. A SecurID token is not _guaranteed_ to be unique - someone with the key could duplicate a token - but barring extraordinary measures you'll have a chance of catching them when they attempt to steal your token. I guess another way of putting it is that a desirable property of a real 2-factor system is that if the physical factor is stolen, you can _tell_. (For typical values of "stolen") mjr. --- Marcus J. Ranum, Chief Technology Officer, Network Flight Recorder, Inc. Work: http://www.nfr.net Play: http://www.ranum.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SecureID vs Certificates, (continued)
- Re: SecureID vs Certificates Darren Reed (Feb 16)
- Re: SecureID vs Certificates beldridg (Feb 16)
- Re: SecureID vs Certificates Peter Lukas (Feb 16)
- Re: SecureID vs Certificates George Capehart (Feb 15)
- Re: SecureID vs Certificates Crist Clark (Feb 15)
- Re: SecureID vs Certificates Darren Reed (Feb 13)
- Re: SecureID vs Certificates Michael H. Warfield (Feb 13)
- Re: SecureID vs Certificates Volker Tanger (Feb 13)
- RE: SecureID vs Certificates Bill Jaeger (Feb 15)
- Re: SecureID vs Certificates Volker Tanger (Feb 15)
- RE: SecureID vs Certificates Bill Jaeger (Feb 15)
- Re: SecureID vs Certificates Marcus J. Ranum (Feb 14)
- Re: SecureID vs Certificates Peter Lukas (Feb 15)
- Re: SecureID vs Certificates Jeffery . Gieser (Feb 13)
- Re: SecureID vs Certificates Gregory Hicks (Feb 13)
- RE: SecureID vs Certificates Ben Nagy (Feb 15)
- RE: SecureID vs Certificates Frank Knobbe (Feb 15)
- RE: SecureID vs Certificates Wigg, Guy G (Feb 15)
- RE: SecureID vs Certificates Nigel Willson (Feb 16)