Multi-factor authentication

Eric Christensen eric at christensenplace.us
Sat May 2 02:02:26 UTC 2009


On Fri, May 1, 2009 at 19:08, Mike McGrath <mmcgrath at redhat.com> wrote:
>  * Implementation details still unclear though it was generally
>   considered that "yubikey + ssh key" were both "something you have".
>   Meaning it'd be "yubikey + fas password" "Something you have +
>   something you know" as is common with most multifactor authentication
>   mechanisms.
> Questions comments?
>
>        -Mike


In my opinion, a hardware token is much more secure when compared to a
software token.  In either case you would still want to require the
use of some sort of passphrase (fas password) to maintain the
multi-factor which would mitigate the risk of having the token stolen.

I've been doing a bit of research on the Yubikey solution for a DoD
project I'm working on and have been impressed by how it is designed
and how easy it is for a non-geek to understand and use.  Still trying
to figure out my own implementation, however, so I haven't had an
opportunity to use it.

Just my two cents worth.

Eric "Sparks"



