10 Replies - 1265 Views - Last Post: 01 April 2014 - 01:56 PM

#1 UT_longhorn  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 28-March 14

How do you see multi-factor authentication

Posted 28 March 2014 - 02:22 PM

Hello All

I am doing a project to understand how people see and desire from a multi factor authentication platform . I see a lot of techies here, so it would be great if you could give your feedback on this by going to this survey -

https://utexas.qualt...71HkkeMVp7iCLf7
Is This A Good Question/Topic? 0
  • +

Replies To: How do you see multi-factor authentication

#2 cfoley  Icon User is online

  • Cabbage
  • member icon

Reputation: 2021
  • View blog
  • Posts: 4,193
  • Joined: 11-December 07

Re: How do you see multi-factor authentication

Posted 31 March 2014 - 03:31 AM

Multi factor authentication is great until someone gets your mother's maiden name from Facebook.
Was This Post Helpful? 0
  • +
  • -

#3 Skydiver  Icon User is offline

  • Code herder
  • member icon

Reputation: 3589
  • View blog
  • Posts: 11,165
  • Joined: 05-May 12

Re: How do you see multi-factor authentication

Posted 31 March 2014 - 07:31 AM

Or you have to tell your boss that you lost your keyfob the 3rd time this week so you can't log on to the network and do any work today...

Or you went rock climbing this past weekend and all your finger tips are swollen or so badly cut up that the fingerprint reader can't identify you...
Was This Post Helpful? 0
  • +
  • -

#4 cfoley  Icon User is online

  • Cabbage
  • member icon

Reputation: 2021
  • View blog
  • Posts: 4,193
  • Joined: 11-December 07

Re: How do you see multi-factor authentication

Posted 31 March 2014 - 02:44 PM

Or you have to take a sick day because Wesley Snipes stole your eyeball.
Was This Post Helpful? 0
  • +
  • -

#5 UT_longhorn  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 28-March 14

Re: How do you see multi-factor authentication

Posted 31 March 2014 - 02:50 PM

Thats true ! But what do you guys think of using your smart phone instead of the fobstick ? What features would you like to see in an ideal MFA ?
Was This Post Helpful? 0
  • +
  • -

#6 modi123_1  Icon User is online

  • Suitor #2
  • member icon



Reputation: 9283
  • View blog
  • Posts: 34,797
  • Joined: 12-June 08

Re: How do you see multi-factor authentication

Posted 31 March 2014 - 02:53 PM

As fast as s a phone becomes a toilet-phone or goes MIA in a cab it is not a sure bet.. unlocked phones even. That of course is excluding the folks that reject the whole smartphone mess.
Was This Post Helpful? 0
  • +
  • -

#7 Skydiver  Icon User is offline

  • Code herder
  • member icon

Reputation: 3589
  • View blog
  • Posts: 11,165
  • Joined: 05-May 12

Re: How do you see multi-factor authentication

Posted 31 March 2014 - 06:29 PM

View PostUT_longhorn, on 31 March 2014 - 05:50 PM, said:

Thats true ! But what do you guys think of using your smart phone instead of the fobstick ?

The idea behind the fobs was for the chips living on them to be tamper resistant so that somebody can't stick in a bunch of probes to figure out the chip's internal state. The idea of having a token generator running on a smartphone is suddenly all kinds of goodness when you start attaching a debugger to the phone. I'm all for it! :)

Ah, but you say that all your smartphone app does is call home to a trusted server to ask for the next token. And I say what happens if I'm in a Faraday cage? No token for me?
Was This Post Helpful? 0
  • +
  • -

#8 Skydiver  Icon User is offline

  • Code herder
  • member icon

Reputation: 3589
  • View blog
  • Posts: 11,165
  • Joined: 05-May 12

Re: How do you see multi-factor authentication

Posted 31 March 2014 - 06:35 PM

View Postcfoley, on 31 March 2014 - 05:44 PM, said:

Or you have to take a sick day because Wesley Snipes stole your eyeball.


And you don't even have to have the bad guys steal your eyeball. Just capture the data once and publish. So now you have to repudiate that factor, and move on to the next eyeball. Capture that data again and publish once more. No more eyeballs to use. Go for DNA? Or start with artery and vein patterns in hands first?

And is it possible to have all your DNA replaced if the bad guys manage to get hold of your DNA? How do you do repudiation on a DNA chain?
Was This Post Helpful? 0
  • +
  • -

#9 cfoley  Icon User is online

  • Cabbage
  • member icon

Reputation: 2021
  • View blog
  • Posts: 4,193
  • Joined: 11-December 07

Re: How do you see multi-factor authentication

Posted 01 April 2014 - 09:02 AM

You replicate DNA in a lab using a process called PCR. It copies the cell's mechanism for DNA replication and it's pretty much the first step in any DNA analysis. I've done it and it's not difficult. In fact, there are machines available to do it for you. All you have to do is throw in the ingredients and extract the DNA from the soup that comes out.

I wouldn't willingly use any service that required my phone as part of the login credentials. Security concerns aside, It's my phone, not my employer's and not my bank's. If I lose my phone or lend it to someone would I be liable if they use it (along with my mother's maiden name) to log into some service and cause damage?
Was This Post Helpful? 0
  • +
  • -

#10 romangonzalez  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 1
  • Joined: 01-April 14

Re: How do you see multi-factor authentication

Posted 01 April 2014 - 09:31 AM

View Postcfoley, on 31 March 2014 - 03:31 AM, said:

Multi factor authentication is great until someone gets your mother's maiden name from Facebook.


Hey yo, so that's not really multifactor authentication. That's "two-step" authentication, and a lot of companies try to conflate the two to make it seem like they have more than they really do. Banks ask these questions a lot when you log in. Those security questions are just second passwords, but second passwords where you're given a really big clue. It's terrible security. But multifactor is when you use a second *factor* of authentication. There are three possible factors: something you know (passwords, pins), something you have (phone, fob), and something you are (biometrics, fingerprints).

So yea, security questions are shitty.
Was This Post Helpful? 1
  • +
  • -

#11 Skydiver  Icon User is offline

  • Code herder
  • member icon

Reputation: 3589
  • View blog
  • Posts: 11,165
  • Joined: 05-May 12

Re: How do you see multi-factor authentication

Posted 01 April 2014 - 01:56 PM

I recall having a college professor playing around with an aspect of the "something you are" factor. He was trying to use the user's average typing speed and typing patterns as a way of authenticating who you are. I don't know if he went further on with that research idea or not.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1