2005/04/04
More on effectiveness of strong authentication
Network World has given Bruce Schneier a chance to clarify his position that strong authentication is "Too Little Too Late" and has given RSA's CTO, Joe Uniejewski, a chance to rebut.
While Schneier does clarify that he's not against strong authentication, he seems to think it's not going to be effective against identity theft and fraud. He references the fact that credit card companies pay little attention to authenticating the identity of the individual and focus on authenticating the transaction. However, he seems to think that two-factor authentication can't do this! As I have discussed before why not?? This seems like a great solution. Log in with your password, but when you want to do a transaction, give us the one-time password.
Uniejewski's response misses this fact, unfortunately. He indicates that RSA is looking at ways to "raise the standard authentication interfaces".
Both authors agree that passwords are past their prime.
It's a complex issue that threatens online banking and ecommerce. There are a number of attacks on the client, the servers and the network that make it difficult for one single solution to fix all the problems. If you look at the credit card processing systems and ATM systems out there, you can see the complexity that has developed to address security. It is important to remember that it is an ongoing battle and also that the risk needs to be minimized to a point where it can be insured against.
While Schneier does clarify that he's not against strong authentication, he seems to think it's not going to be effective against identity theft and fraud. He references the fact that credit card companies pay little attention to authenticating the identity of the individual and focus on authenticating the transaction. However, he seems to think that two-factor authentication can't do this! As I have discussed before why not?? This seems like a great solution. Log in with your password, but when you want to do a transaction, give us the one-time password.
Uniejewski's response misses this fact, unfortunately. He indicates that RSA is looking at ways to "raise the standard authentication interfaces".
Both authors agree that passwords are past their prime.
It's a complex issue that threatens online banking and ecommerce. There are a number of attacks on the client, the servers and the network that make it difficult for one single solution to fix all the problems. If you look at the credit card processing systems and ATM systems out there, you can see the complexity that has developed to address security. It is important to remember that it is an ongoing battle and also that the risk needs to be minimized to a point where it can be insured against.
- Category(s)
- Strong Authentication
- Two Factor Authentication
- The URL to Trackback this entry is:
- http://www.wikidsystems.net/WiKIDBlog/22/tbping
Re:More on effectiveness of strong authentication
Posted by
Anonymous User
at
Mar 22, 2007 07:17 AM
2fa as a captcha
Digg this!
Del.ico.us
Google
Yahoo bookmarks
Reddit
Spurl
Simpy
