Letter: Two-factor authentication is vulnerable

Feb 25, 2008

Regarding “Education Department in market for security tools”: The Education Department should wait for results from work being done at several research sites. Two-factor authentication is like longer encryption keys and has several vulnerabilities to access-control malware as well as template hijacking. The weakness is in the system-level architectures and application interfaces.

The bottom line: Dual-factor authentication doesn't buy us anything unless it is handled differently (i.e., entwined). It is perceived to be improved security, but I'm afraid this is another high-cost decision that will be proven wrong in a few years.

R. Ellington Smith
Network Data Security Inc.

What do you think? Paste a comment in the box below (registration required), or send your comment to letters@fcw.com (subject line: Blog comment) and we'll post it.

E-Mail this page

Printable Format

Featured

Editor's Note

Fed 100 nominations and the ongoing shutdown

FCW can't do much about the furloughs and potentially missed paychecks, but the shutdown won't prevent Federal 100 Award nominations from being submitted.
Congress

House plans to pass funding bill that includes pay raise for feds

Democrats will vote on an appropriations package to reopen all the federal agencies shuttered during the partial shutdown, but the lack of wall funding will likely means the measure won't get a vote in the Senate.
Workforce

Trump nixes planned pay raise for feds

With shutdown talks at an impasse, the White House finalized plans to freeze federal pay at 2018 levels.

Advanced Search

Stay Connected

FCW Update

Email Address

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

Select primary job function

Select agency/branch/business type

I agree to this site's Privacy Policy.

Letter: Two-factor authentication is vulnerable

Featured

Fed 100 nominations and the ongoing shutdown

House plans to pass funding bill that includes pay raise for feds

Trump nixes planned pay raise for feds

Stay Connected

FCW Update

New from FCW

Acquisition frozen at DHS due to the shutdown

House Dems shutter IT panel

DHS issues emergency directive to counter DNS hijacking campaign

Second month of furlough brings changes for workforce

Month-long shutdown shows no signs of ending

Why cloud market share matters

Top data and automation trends for 2019

Is it time to buy a drone?

In cloud security, automation does not mean automatic

As states lag on cyber training, agencies are fertile phishing grounds

As states lag on cyber training, agencies are fertile phishing grounds

Can DARPA secure the electronics supply chain?