the limits of crypto and authentication
Nick Owen
nowen at wikidsystems.com
Sat Jul 9 17:50:02 EDT 2005

I think that the cost of two-factor authentication will plummet in the
face of the volumes offered by e-banking. Also, the more uses for the
token, the more shared the costs will be. The question to me is will
the FIs go with anything beyond secure cookies, IP address validation
and unique images. Will they be forced to by the powers that be or by
disclosure requirements after the basic systems are thwarted?

I also think that the lower end cell phone is now capable of handling
the task. While a PC client may not be very secure, it does offer some
potential benefits such as auto-validating SSL certs. Whether the
carriers will bother with a potential revenue stream in two-factor
authentication when they can make more money in ringtones is another
question - back to the business model ;).

Ian Grigg wrote:
> FTR, e-gold were aware of the general makeup of this
> threat since 1998 and asked someone to look at it. The
> long and the short was that it was more difficult to solve
> than at first claimed, so the project was scrapped. This
> was a good risk-based decision. The first trojans that I
> know of for e-gold weren't spotted until 12-18 months
> ago, so it was also a profitable decision. What they are
> doing now I don't know.
>
> In the payments world we've known how to solve all
> this for some time, since the early 90s to my knowledge.
> The only question really is, have you got a business
> model that will pay for it, because any form of token is
> very expensive, and the form of token that is needed -
> a trusted device to put the application, display, keypad
> and net connection on - is even more expensive than
> the stop-gap two-factor authentication units commonly
> sold.
>
> iang
--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com