|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: 2-factor auth for all
From: Nick Owen (nowen
wikidsystems.com)
Date: Tue Oct 24 2006 - 10:55:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Saqib Ali wrote:
>> 2. Without mutual authentication, phishing attacks will still occur.
>
> Excellent point! I totally agree with this. In fact I covered this
> topic in my blog in September with reference to a study done by a TPM
> manufacturer. See:
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=243
>
I don't really consider machine authentication to be mutual
authentication. I'd say that the host needs to be authenticated to the
user, based on some cryptographically secure mechanism.
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
-------------------------------------------------------------------------
Sponsored by: Watchfire
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have
seen, and outlines a guideline for developing secure web applications.
Download our The Twelve Most Common Application-level Hack Attacks
whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTi
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]