mobile phone + password = 2 factor auth?
Till Maas
opensource at till.name
Tue May 26 15:44:33 UTC 2009
On Tuesday 26 May 2009 15:50:49 Seth Vidal wrote:
> I was changing some settings with my mobile phone company and in order to
> change my password they made me use what looks a lot like 2 factor auth:
>
> something I know: my current password
> something I have: my phone
>
> I logged in with my current password - then they txt'd me a temporary
> password which I had to type in to verify I was me.
>
> Which got me to wondering - if most people have a mobile phone and/or have
> access to one - why couldn't we use that as the second factor for our
> auth?
A problem with phones is, that they are typically not as secure as hardware
tokens. Users can install custom software on them. Also the phone may be
compromised via bluetooth. It might be even possible to directly access text
messages via bluetooth or maybe also wifi nowadays.
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20090526/ec5bf59d/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list