Monday, January 19, 2009

Security: Two factor Authentication Spreads

One for Technollama this :-)

We all know about the physical tokens or dongles you can now get to provide two factor authentication for your online banking services. In fact Pangloss was recently surprised to discover she could now not set up a new online payee without the use of one, on her RBOS account: it arrived in the post this morning by which time she had made the payment by phone:-) Anyway.

Some World of Warcraft players are now apparently so worried at the idea of their account being haXXored (leet spelling not authenticated..) by Chinese gold farmers etc that Blizzard is selling them two factor authentication as well. Interesting..


Anonymous said...

If these 2-fator dongles are going to become more common, and they're all the size of a key-fob (because it's handy, and you can put it on your keyring), how long will it be before it becomes impossible to carry them all around with you?

Also, how long will it be until someone breaks the RNG on the chip used in 90% of the devices?

pangloss said...

Yes exactly. I already have one friend who resents she can't do her online banking at work cos she'd have to carry it round in her handbag.. They do seem to be becoming the equaivalent of "phew I've solved that one now".

GrahamIX said...

In an ideal world, your bank or other trusted institution would open up your two-factor protected online authentication to third parties, allowing you to carry a single dongle. Is there an extension to OpenId that allows this I wonder...?