Slashdot Mirror


MS to Trade Passwords for 2-Factor Authentication

Bret Tobey writes "During a security panel at CEBIT, Microsoft's Senior Director for Trustworthy Computing commented that Longhorn would abandon passwords in favor of two factor authentication. While it's hard to argue for keeping passwords, it does raise questions about where this could all lead. None other than Bruce Schneier pointed out how two factor authentication can fail us."

3 of 449 comments

  1. two factor by rider_prider · Score: 0, Redundant

    Something you have and something you know. Like an RSA fob, username and password or something biometric, a username and password.

  2. Solves the wrong problem. by Sheetrock · Score: 1, Redundant
    As I see it, two-factor authentication may work fairly well for local installations, but for remote access it falls short of the security mark because it is still susceptible to trojan horses/viruses on the user's system or to a middleman attack between the client and server.

    Most security professionals agree that authentication should involve something you have rather than something you remember -- such as a fingerprint, smart card or optical scan instead of a password or PIN number. Soon we will use smart cards that use public key encryption to communicate with servers for authentication as they do not require security on the local system or network to retain their potential.

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




  3. Re:A question worth asking by Txiasaeia · Score: 0, Redundant

    How about the current hour multiplied by a specific number known only to you? Easy to remember both numbers and difficult to crack (assuming the number is large enough).

    --
    Condemnant quod non intellegunt.
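
Added example, not part of the thread or of any poster's comment: the hour-times-a-private-number idea from comment 3 placed beside RFC 6238 TOTP, showing what a single observed code reveals about the secret in each case. The function names, the secret value and the hours used are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional


def hour_times_secret(secret: int, hour: int) -> int:
    """Scheme from comment 3: code = current hour * a number only the user knows."""
    return hour * secret


def recover_secret(observed_code: int, hour: int) -> Optional[int]:
    """What one overheard code leaks: the hour is public, so it divides out."""
    if hour == 0:
        return None  # at hour 0 the code is always 0, whatever the secret is
    quotient, remainder = divmod(observed_code, hour)
    return quotient if remainder == 0 else None


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample values, not taken from the page.
SECRET = 982_451_653
observed = hour_times_secret(SECRET, hour=14)   # one code seen on the wire
leaked = recover_secret(observed, hour=14)      # equals SECRET
next_code = hour_times_secret(leaked, hour=15)  # the next hour's code follows

# With TOTP an observed code is a truncated HMAC output: it does not divide
# back to the key, and it stops being accepted once its 30-second step ends.
RFC_KEY = b"12345678901234567890"               # RFC 6238 Appendix B test key
code_now = totp(RFC_KEY, 59)
code_later = totp(RFC_KEY, 59 + 3600)

if __name__ == "__main__":
    print("secret recovered from one code:", leaked == SECRET)
    print("TOTP codes an hour apart:", code_now, code_later)
```

A large private number does not help the multiplication scheme, because recovery is a single division by a value the observer already knows.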