Comments on: Hack the Gibson #90 https://grey-panther.net/2007/08/hack-the-gibson-90.html Just another WordPress site Thu, 22 May 2008 04:13:49 +0000 hourly 1 https://wordpress.org/?v=6.9.4 By: Unknown https://grey-panther.net/2007/08/hack-the-gibson-90.html#comment-721 Thu, 22 May 2008 04:13:49 +0000 https://grey-panther.net/?p=825#comment-721 Hey Steve, any updated opinions on PhoneFactor, especially relative to thin clients like terminal services? For example, how about a pin-based solution entered into the phone?

]]> By: Steve Dispensa https://grey-panther.net/2007/08/hack-the-gibson-90.html#comment-792 Fri, 03 Aug 2007 08:06:12 +0000 https://grey-panther.net/?p=825#comment-792 It’s both #2 and #3 – the image is supposed to authenticate the server to you, and you’re supposed to authenticate yourself to the server using both your cookie and your password, making it (in their words), two-factor.

Only problem is that it’s not two-factor. At best, it’s 1+1 factor. If you can copy the “something you have” easily, it behaves (from a security perspective) much more like “something you know.”

I blogged more about this here:

http://blog.phonefactor.net/?p=15

]]>