When Two-factor Authentication Goes Wrong
I am a strong advocate of two-factor authentication, but when it goes wrong, you can lose access to critical systems. I have written about the benefits of two-factor authentication (2FA) here and I discuss it every time I teach Learning Tree’s System and Network Security Introduction. A recent account lockout hasn’t diminished my support for […]
Improve Your Security with Two-Factor Authentication
Two-step or two-factor authentication provides better security than a single factor. For instance, a fingerprint and PIN is stronger than either alone. Security professionals generally divide authentication techniques into three categories: something you have, something you know, and something you are. Corresponding examples would be a token or an app on a smartphone, a password, and […]
The End of Fingerprint Authentication?
Some years ago the Chaos Computer Club (CCC) posted a video (actually two: one in English and one in German) showing how to capture fingerprints from objects and use the copies to spoof a fingerprint scanner. The method of capturing the prints was one often seen in TV crime dramas: use Cyanoacrylate glue to make […]
Multi-factor Authentication on the Web
Authentication is a central part of an authorization scheme – it is important to know who someone (or some thing) is to know what he/she/it is allowed to do. Recently there has been a lot of discussion of multi-factor authentication on the web. First, what is multi-factor authentication? There are three general ways to authenticate […]