MS to Trade Passwords for 2-Factor Authentication

Bret Tobey writes "During a security panel at CEBIT, Microsoft's Senior Director for Trustworthy Computing commented that Longhorn would abandon passwords in favor of two factor authentication. While it's hard to argue for keeping passwords, it does raise questions about where this could all lead. None other than Bruce Schneier pointed out how two factor authentication can fail us."

Unrelated to Schneier's concerns

[lseltzer]

Well, largely unrelated. Schneier argues that there are two major classes of attacks that bypass the issues users encounter in the consumer space. And conversely, that the issues solved by 2 factor authentication aren't the ones encountered by real users.

But logging into your local computer or the LAN is different, and 2 factor authentication could be helpful. It wouldn't necessarily be helpful against trojan attacks; once an authenticated user infects their own system the attack can continue to run with the credentials of the user. But it should defeat some network attacks and enhance security of systems that are physically compromised.