Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS to Trade Passwords for 2-Factor Authentication

Posted by timothy on from the something-borrowed-something-blue dept.

Bret Tobey writes "During a security panel at CEBIT, Microsoft's Senior Director for Trustworthy Computing commented that Longhorn would abandon passwords in favor of two factor authentication. While it's hard to argue for keeping passwords, it does raise questions about where this could all lead. None other than Bruce Schneier pointed out how two factor authentication can fail us."

3 of 449 comments (clear)

  1. Unrelated to Schneier's concerns by lseltzer · · Score: 4, Interesting

    Well, largely unrelated. Schneier argues that there are two major classes of attacks that bypass the issues users encounter in the consumer space. And conversely, that the issues solved by 2 factor authentication aren't the ones encountered by real users.

    But logging into your local computer or the LAN is different, and 2 factor authentication could be helpful. It wouldn't necessarily be helpful against trojan attacks; once an authenticated user infects their own system the attack can continue to run with the credentials of the user. But it should defeat some network attacks and enhance security of systems that are physically compromised.

  2. standard package on Linux already by idlake · · Score: 3, Interesting

    If you want two-factor authentication, you can already get it with Linux, either with a variety of tokens/devices, or with simple strike-out lists. The necessary packages are pre-packaged for Debian and probably lots of other distributions.

    My impression is that it's not very popular. But if Microsoft wants to force their users to use it, good for them. I prefer my OS to give me a choice, and I have had that choice for many years now.

  3. Re:Two Factor Authentication. by Brushfireb · · Score: 3, Interesting

    Im not sure where you live or work, but the whole statement that: "Most businesses require a badge" is just ridiculousness.

    Most large corporations require a badge. However, most businesses are small family-oriented businesses, not large corporations. These businesses have less than 50 employees, and rarely have advanced IT systems. To assume that this wont increase their costs is silly. It most certainly will -- assuming they decide to put it into place at all.

    For more info:
    http://www.census.gov/epcd/www/smallbus.htm l