[AusNOG] Authentication Tokens

Scott Howard scott at doc.net.au
Thu Jun 18 09:26:02 EST 2009


On Wed, Jun 17, 2009 at 3:51 PM, Curtis Bayne <curtis at bayne.com.au> wrote:

> Considering that tokens are (at least in our case) usually on the same
> retractable keychain as our datacentre swipe cards and photo identity
> cards I don't really see how it adds any extra security.


It's called "2-factor authentication" for a reason.

The token is only one of the factors (the "something you have") - even if
you do lose it and everything else on your keychain, the person who finds it
still can't (in theory, at least) authenticate without knowing the other
factor such as the PIN number or password that goes with the token (the
"something you know").

The reverse is also obviously true - if I can manage to shoulder-surf your
password, I can't use it without the token.

Of course there's still a small risk that you could do both - shoulder-surf
the password/PIN and physically steal the token, but at least in that
situation you're far more likely to notice that it's occurred than if you
were using a password alone as you'd be physically missing something - the
token.

  Scott