WebApp Sec mailing list archives
RE: Two-Factor Authentication on the Web
From: "Gaydosh, Adam" <GaydoshA () ctc com>
Date: Sun, 2 Jul 2006 18:09:41 -0400
"But even when biometric authentication "works", it still does not prove my _identity_, it just proves that I am who *I said* I am, which is another thing entirely;" Umm... I don't follow. How could your DNA (I would waver on this one since I heard somewhere that twins could have the same DNA), fingerprint, retinal scan, etc, not be unique to you and only you?
I think the idea is that the concept of 'identity' which we are attempting to authenticate is not an inherent characteristic of our bodies, but something that has been officially associated with a given biometric by the issuing authority, e.g. my SSN, Account Name, etc...are not in my DNA. ------------------------------------------------------------------------- Sponsored by: Watchfire As web applications become increasingly complex, tremendous amounts of sensitive data - personal, medical and financial - are exchanged, and stored. Consumers expect and demand security for this information. This whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download "Automated Scanning or Manual Penetration Testing?" today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm --------------------------------------------------------------------------
Current thread:
- RE: Two-Factor Authentication on the Web Gaydosh, Adam (Jul 02)
- <Possible follow-ups>
- RE: Two-Factor Authentication on the Web Glenn.Everhart (Jul 03)
- Re: Two-Factor Authentication on the Web Andrew van der Stock (Jul 03)
- RE: Two-Factor Authentication on the Web Lyal Collins (Jul 03)
- Re: Two-Factor Authentication on the Web Andrew van der Stock (Jul 03)
- RE: Two-Factor Authentication on the Web Popowycz, Alex (Jul 03)
- RE: Two-Factor Authentication on the Web Popowycz, Alex (Jul 05)
- RE: Two-Factor Authentication on the Web Lyal Collins (Jul 05)
- RE: Two-Factor Authentication on the Web James Pujals (Jul 05)
- RE: Two-Factor Authentication on the Web PPowenski (Jul 06)
- Re: Two-Factor Authentication on the Web mikeiscool (Jul 07)
- Re: Two-Factor Authentication on the Web Devdas Bhagat (Jul 17)