WebApp Sec mailing list archives

RE: Two-Factor Authentication on the Web


From: "Gaydosh, Adam" <GaydoshA () ctc com>
Date: Sun, 2 Jul 2006 18:09:41 -0400


"But even when biometric authentication "works", it still does 
not prove my _identity_, it just proves that I am who *I said* 
I am, which is another thing entirely;"
Umm... I don't follow. How could your DNA (I would waver on 
this one since I heard somewhere that twins could have the 
same DNA), fingerprint, retinal scan, etc., not be unique to
you and only you?

I think the idea is that the concept of 'identity' which we are
attempting to authenticate is not an inherent characteristic of our
bodies, but something that has been officially associated with a given
biometric by the issuing authority, e.g. my SSN, Account Name, etc. are
not in my DNA.
