When is two factor auth less secure?


Two factor authentication is when you combine two different methods of authentication to prove who you are at login. With an ATM, you have the ATM card and you know your personal identification number (PIN). So you've proven who you are with something you have and something you know.

When you log in to your company's VPN, you might use an RSA SecurID card as well as a PIN. But what happens if the PIN is written down and stored with the card? Anyone who finds the card has the PIN as well. You have essentially reduced your two factor authentication to one factor authentication, blowing the security that your company paid for by implementing SecurID.

Two factor authentication can be reduced to one factor authentication based on user behavior.


1 Comment

Srijith said:

User behavior can reduce all kinds of security in place :) Writing the PIN on a post-it, sticking it to the card and then losing the card can reduce the 2 factor auth. to 0 factor!


About this Entry

This page contains a single entry by Roger published on December 10, 2005 8:28 PM.
