tag:blogger.com,1999:blog-8400370148915075091.post7083803868733671178..comments2023-12-12T18:59:45.550+01:00Comments on Security Nirvana: The end of passwordssecuritynirvanahttp://www.blogger.com/profile/11264687350187854173noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-8400370148915075091.post-34535531785066926232011-04-14T09:37:57.865+02:002011-04-14T09:37:57.865+02:00I have yet to see a RL environment where 2-factor ...I have yet to see a RL environment where 2-factor authentication uses something better than a static 4-digit PIN code as one the authenticators used.<br /><br />Adding a second authenticator to the chain shouldn't automatically allow for the weakening of the first authenticator, as we're seeing everywhere. With the recent rumors surrounding RSA as well, that very first authenticator suddenly became important again. <br /><br />But of course, you are correct, and I'll stand corrected. :-)securitynirvanahttps://www.blogger.com/profile/11264687350187854173noreply@blogger.comtag:blogger.com,1999:blog-8400370148915075091.post-31066033354477344802011-04-14T08:48:43.770+02:002011-04-14T08:48:43.770+02:00It's not really beneficial to think of "2...It's not really beneficial to think of "2-factor token authentication" is an alternative to "a password".<br />It's important to think in terms of authenticators. A password is one type of authenticator, nothing more, nothing less.<br />The usual "2-factor token authentication" often consists of a PIN/password (factor 1: something you know) and a token code (generated by factor 2: something you have).remiworknoreply@blogger.com