Comments on: Web Security – Authentication Factors

By: Dragon Blogger

Dragon Blogger — Mon, 31 Oct 2011 17:26:16 +0000

Identity Profiling based on history is also gaining in popularity, look at any credit bureau login to see what it looks like.

By: Sentry Safe

Sentry Safe — Sat, 24 Oct 2009 19:23:03 +0000

I think there are a lot of options in true factor. Voice recognition in addition to personal PINS and passwords is becoming very popular in online banking.

By: dragonblogger

dragonblogger — Wed, 12 Aug 2009 14:29:44 +0000

I should have mentioned OTP (One Time Passwords) as an additional layer of security, though it is still in the “Something You Have” category and is not true two-factor unless combined with one other category.

By: Nakkiran

Nakkiran — Wed, 12 Aug 2009 06:56:37 +0000

Hi, have a look at FireID. Instead of carrying hardware fobs, your OTP is generated on your mobile phone itself, ie., no SMS’s. And the application is PIN protected, ensuring a secure two-factor authentication method using everyone already has

By: dragonblogger

dragonblogger — Tue, 11 Aug 2009 23:18:07 +0000

This is called 1+ Factor authentication and leverages two “Something you Know” items. It is the same category as having a username/password and some security questions, it is not true 2-factor authentication, in most cases it is completely useless since you often already entered the username/password and just accept past the image, it doesn’t prompt you for another passphrase. From a web security perspective there is no additional security benefit by showing you a picture with a little phrase (ING does it as well), it is more to throw up a warning in case you logged into a different account or site, or if your image doesn’t match what you remember it could mean someone changed it, but that is extremely unlikely.