Slashdot Mirror


MS to Trade Passwords for 2-Factor Authentication

Bret Tobey writes "During a security panel at CEBIT, Microsoft's Senior Director for Trustworthy Computing commented that Longhorn would abandon passwords in favor of two factor authentication. While it's hard to argue for keeping passwords, it does raise questions about where this could all lead. None other than Bruce Schneier pointed out how two factor authentication can fail us."

2 of 449 comments

  1. Re:A question worth asking by Anonymous Coward · Score: 5, Insightful

    Two Factor Identification: A way for M$ to require every user has a dongle to reduce piracy, promote DRM/TCPA and marginalize competitors. Heil Microsoft!

  2. Re:A question worth asking by nine-times · Score: 5, Insightful
    A password and a key, or a fingerprint and a smartcard, etc. Basically you have three ways you can authenticate yourself:

    Something you have (a key, a smartcard)
    Something you know (a password, a PIN)
    Something you are (a fingerprint, a voiceprint)

    It's much more secure to use two of those than it is to use just one. Each one has a failing, security-wise, and it's different than the failings of the others. So if you use two, you make it much less likely that someone will be able to compromise your security.

    On a side note, although the idea of biometrics and keycards sounds cooler than a password, there's a reason why computer security has been using the "something you know" for so long. Of the three, it's generally hardest to steal, hardest to fake, and easiest to change (in case someone else does gain access).

    I'm not arguing that using 2 (or 3) factors won't be generally more secure than using 1, but people do tend to be quick to jump on the bandwagon of shiny new things, and the fact is that a good password is a good start to a good security setup.