PaulDotCom mailing list archives
Re: Soft Tokens??
From: Jack Daniel <jackadaniel () gmail com>
Date: Sat, 10 Nov 2012 11:15:12 -0500
On Saturday, November 10, 2012, Robin Wood wrote:
On 10 November 2012 12:48, Herndon Elliott <alabamatoy () gmail com<javascript:;>> wrote:Subject: [Pauldotcom] Soft Tokens?? What are your thoughts on software tokens as a two factor authsolution? Would like to hear both sides. And if your 'for' then which solutions/products have you used. And by all means if you have pwn'd a two factor soft token login, please share (if you can).Isnt "two factor" and "software token" mutually exclusive? While a software implementation of two factor may emulate the actual hardware (the second factor), isnt it actually, really not two factor? Its one factor, something you know. The something you have is now just another app that the user doesnt really provide?I'd disagree with that, an RSA token is just software running on a custom piece of hardware. What is the difference between the RSA token and an app running on my Android phone when both are generating authentication codes. Not saying the app is as secure as the hardware token just a different way to implement it. Robin I'm with Robin, "hardware" solutions are just custom software on custom
hardware. The separation of devices is the advantage, as a compromised laptop generating it's own 2fa is questionable- but some of the soft tokens will run on phones or other devices (which are, of course, targets of attack themselves). If you want to play with software 2fa, you might want to check out WiKID ( wikidsystems.com), they have an Open Source version so you can play for free. Jack -- ______________________________________ Jack Daniel, Reluctant CISSP http://twitter.com/jack_daniel http://www.linkedin.com/in/jackadaniel http://blog.uncommonsensesecurity.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Soft Tokens?? Julian Makas (Nov 09)
- <Possible follow-ups>
- Re: Soft Tokens?? Herndon Elliott (Nov 10)
- Re: Soft Tokens?? Robin Wood (Nov 10)
- Re: Soft Tokens?? Tony Turner (Nov 10)
- Re: Soft Tokens?? Jack Daniel (Nov 10)
- Re: Soft Tokens?? Conrad Constantine (Nov 10)
- Re: Soft Tokens?? Todd Haverkos (Nov 21)
- Re: Soft Tokens?? Archanet.co.uk (Nov 10)
- Re: Soft Tokens?? Robin Wood (Nov 10)