Letter: Two-factor authentication is vulnerable
Regarding “
Education Department in market for security tools”: The Education Department should wait for results from work being done at several research sites. Two-factor authentication is like longer encryption keys and has several vulnerabilities to access-control malware as well as template hijacking. The weakness is in the system-level architectures and application interfaces.
The bottom line: Dual-factor authentication doesn't buy us anything unless it is handled differently (i.e., entwined). It is perceived to be improved security, but I'm afraid this is another high-cost decision that will be proven wrong in a few years.
R. Ellington SmithNetwork Data Security Inc.What do you think? Paste a comment in the box below (registration required), or send your comment to
[email protected] (subject line: Blog comment) and we'll post it.