Letter: Two-factor authentication is vulnerable

  • Feb 25, 2008
Regarding “Education Department in market for security tools”: The Education Department should wait for results from work being done at several research sites. Two-factor authentication is like longer encryption keys and has several vulnerabilities to access-control malware as well as template hijacking. The weakness is in the system-level architectures and application interfaces.

The bottom line: Dual-factor authentication doesn't buy us anything unless it is handled differently (i.e., entwined). It is perceived to be improved security, but I'm afraid this is another high-cost decision that will be proven wrong in a few years.

R. Ellington Smith
Network Data Security Inc.


What do you think? Paste a comment in the box below (registration required), or send your comment to letters@fcw.com (subject line: Blog comment) and we'll post it.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.