WebApp Sec mailing list archives
Re: one-time password (OTP) authentication
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 21 Jun 2005 18:06:19 +0530
On 20/06/05 13:21 -0700, maburns () safenet-inc com wrote: <snip>
Two-factor authentication is 1) "something physical only the user has" - like an USB Key which is the same as a ATM card and 2) a "pin # that only user knows" . This is not difficult to implement there are SDK's available
A "something the user has" plugged into the client makes it something the attacker has. Always assume that the client is compromised. Devdas Bhagat
Current thread:
- one-time password (OTP) authentication james (Jun 18)
- RE: one-time password (OTP) authentication Lyal Collins (Jun 19)
- Re: one-time password (OTP) authentication Andrew van der Stock (Jun 19)
- Re: one-time password (OTP) authentication Joseph Miller (Jun 20)
- <Possible follow-ups>
- RE: one-time password (OTP) authentication Cyrill Osterwalder (Jun 20)
- RE: one-time password (OTP) authentication maburns (Jun 20)
- Re: one-time password (OTP) authentication Devdas Bhagat (Jun 21)
- RE: one-time password (OTP) authentication Lyal Collins (Jun 21)
- Re: one-time password (OTP) authentication Achim Hoffmann (Jun 21)
- Re: one-time password (OTP) authentication Devdas Bhagat (Jun 21)
- RE: one-time password (OTP) authentication Lyal Collins (Jun 19)
- RE: one-time password (OTP) authentication maburns (Jun 20)