mobile phone + password = 2 factor auth?
Seth Vidal
skvidal at fedoraproject.org
Tue May 26 15:01:49 UTC 2009
On Tue, 26 May 2009, Seth Vidal wrote:
> I was changing some settings with my mobile phone company and in order to
> change my password they made me use what looks a lot like 2 factor auth:
>
> something I know: my current password
> something I have: my phone
>
> I logged in with my current password - then they txt'd me a temporary
> password which I had to type in to verify I was me.
>
> Which got me to wondering - if most people have a mobile phone and/or have
> access to one - why couldn't we use that as the second factor for our auth?
>
> Now, my question is - what is dangerous/silly about this?
Jeremy mentioned some potential problems on jabber:
1. no guaranteed message delivery time
2. cost structure of sending/receiving a lot of txt msgs.
In both cases I'd be curious how that ends up in practice.
-sv
More information about the infrastructure
mailing list