WebApp Sec mailing list archives

RE: 2-factor auth for all


From: "Nick Owen" <nowen () wikidsystems com>
Date: Tue, 24 Oct 2006 07:39:56 -0400

Seems like 2 factor auth (one time password) using token will 
soon be available to the general consumer.

SanDisk will be adding the functionality of 
one-time-password, dubbed 'TrustedSignins', in their 
TrustedFlash device.

Verisign and RSA are working with SanDisk to build this 
platform, which might put an end to phishing.

See:
http://www.sandisk.com/Corporate/PressRoom/PressReleases/PressRelease.aspx?ID=3569

Saqib:

Accessible 2-factor authentication is great, but a couple of points:

1. It is unclear how this solution is more secure than just storing the
token in a PKCS12 store on a USB drive.

2. Without mutual authentication, phishing attacks will still occur. 

3. Even with mutual strong authentication, out-of-band transaction
authentication may be needed to thwart trojans. 

In fact, I would argue that it would be better to validate transactions only
with 2-factor.  I would also argue that availability has not been the issue
in the lack of deployments.

--
Nick Owen
CEO
404-962-8983
WiKID Systems, Inc. 
http://www.wikidsystems.com
http://sourceforge.net/projects/wikid-twofactor
Commercial/Open Source Two-Factor Authentication    
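
Point 3 of the message above, as an added example that is not part of the original post and is not WiKID, SanDisk, VeriSign or RSA code: a login one-time password only proves token possession, while a code computed over the transaction details stops verifying when the payee or amount is altered in transit. The login code is RFC 4226 HOTP; the sample key, the field layout, the function names and the assumption that the user confirms the details on a separate device are illustrative.

```python
import hashlib
import hmac
import struct

def _truncate(digest: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation of an HMAC digest to a decimal code."""
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login_otp(key: bytes, counter: int) -> str:
    """HOTP (RFC 4226): proves token possession, not what is being approved."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1)
    return _truncate(mac.digest())

def transaction_code(key: bytes, counter: int, payee: str, cents: int) -> str:
    """Code bound to the details the user confirmed (assumed field layout)."""
    p = payee.encode("utf-8")
    # Length-prefix the payee so different field splits cannot collide.
    msg = struct.pack(">QH", counter, len(p)) + p + struct.pack(">Q", cents)
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())

def verify_transaction(key, counter, payee, cents, code) -> bool:
    """Server side: recompute over the transaction it actually received."""
    expected = transaction_code(key, counter, payee, cents)
    return hmac.compare_digest(expected, code)

def demo():
    key = b"12345678901234567890"  # constructed sample key (RFC 4226 test key)
    # The user confirms "ACME Utilities, 100.00" on the separate device.
    code = transaction_code(key, 7, "ACME Utilities", 10000)
    # Same code checked against the confirmed request and an altered one.
    honest = verify_transaction(key, 7, "ACME Utilities", 10000, code)
    tampered = verify_transaction(key, 7, "Other Payee", 950000, code)
    return login_otp(key, 0), honest, tampered

if __name__ == "__main__":
    print(demo())
```

A production verifier would also reject reused counters so that a captured code cannot be replayed.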

