[Cryptography] Passwords: Perfect, except for being Flawed
Dave Horsfall
dave at horsfall.org
Thu Feb 19 13:49:50 EST 2015
On Thu, 19 Feb 2015, ianG wrote:
> As a meta-comment on passwords: there is a big shift underway now to
> start doing dual factor using the person's phone. It is now clear that
> everyone has a phone, to some statistical certainty, and we can rely on
> it. So every system and his dog has now migrated to using something to
> couple the phone and the password together.
The Australian Government has already started doing this, for welfare
payments etc. In the past, it was email/password/question, and now the
question has been replaced with a code sent to your mobile phone. In an
uncommon display of common sense, there is a way out for those who have
lost their phone etc, involving a telephone call (so you need access to
another phone).
--
Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)