Wednesday, October 24, 2012

Two-Factor Authentication with a Smartphone

Passwords are now depleted. We used them too much and we need something else. That's my feeling since a few years.
I just hit upon the article by Randall Stross "Doing the Two-Step, Beyond the A.T.M." among the New York Times news. The article first compares using a PIN code to using a password, just like I did some time ago. It then goes into suggesting the generalization of two-factor authentication with the help of a smartphone. Clearly, there's a need and a market here.

Whatever the solutions that will come up in the next years, they'll have to face the following challenges:
  1. Be user-friendly enough.
  2. Be applicable both for individual use and for corporate use (at least, integrate in BYOD processes).
  3. Allow for safe backup methods in case you lose one of the two factors, for instance, a stolen smartphone.
  4. Allow for Single Sign-On : avoid user-side repetitions.
  5. Allow for federation : avoid server-side repetitions, like maintaining similar lists of users in multiple applications.
  6. Allow for automated patches/updates. There will be flaws in the beginning, that will require patching.
Posted by Christophe Pradier-Pfeiffer at 10/24/2012 11:35:00 AM
Tags: , ,

4 comments:

  1. AnonymousOctober 24, 2012 at 6:07 PM

    We all need to be more proactive about our personal account security. But one thing that can’t be stressed enough is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, not enough sites are offering and promoting this option. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering my info enough protection. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.

    ReplyDelete
  2. Christophe Pradier-PfeifferOctober 24, 2012 at 6:16 PM

    Thanks for the personal comment.

    ReplyDelete
  3. Hernan MatuteOctober 26, 2012 at 7:08 PM

    Christopher,

    That is a good posting. We have developed exactly what the NYT article says and your commentary as to how it should work. The significant barrier of 2FA entry for consumers (corporate has tokens and OTP but expensive..) is cost, trust, and user experience. With the LoginTC (logintc.com), we have achieved all the pre-requisites of security (pre-empt phishing and MITM attacks, convenience (like ATM cards) and use of smartphones and tablets. Great to see your posting. Hernan M

    ReplyDelete
  4. Christophe Pradier-PfeifferDecember 4, 2012 at 12:56 AM

    Thanks for the comment.

    ReplyDelete

I can read French, English, German and Romanian, please feel free to write in whichever language you prefer.

Subscribe to: Post Comments (Atom)