mobile phone + password = 2 factor auth?

Till Maas opensource at till.name
Tue May 26 17:02:12 UTC 2009


On Tue May 26 2009, Seth Vidal wrote:

> If someone steals my phone - then they can get the txt msg but they can't
> get my password that only I know.
>
> If someone gets my password they have to steal my phone or hijack my txt
> msgs to get the other bit.
>
>
> So, how is this better/worse than any other 2factor auth?

If someone has only temporary access to your phone, it is a lot easier to
tamper with it and give it back to you, without you noticing it. Hardware tokens
are normally more tamper-proof and are not easy to clone. Therefore the
attacker has to be in possession of the token at the time of the login. Therefore
you can be sure that nobody else is logging in as you as long as you have the
tokens in your hand.

Regards
Till