Bill Frantz wrote:
>
> At 4:06 PM -0800 1/28/02, [EMAIL PROTECTED] wrote:
> >at least part of the fingerprint as a PIN ... isn't the guessing issue &/or
> >false positives .... it is the forgetting issue (and the non-trivial number
> >of people that write their PIN on the card).
>
> Or to state it another way. These cards attempt to use two factor
> authentication, what you have (the card) and what you know (the PIN). When
> a user writes the PIN on the card, it becomes one factor authentication.
> Almost anything that returns it to being two factor security would be an
> improvement. (Biometrics offers the possibility of 3 factor authentication.
>
> What would be really nice is to be able to have the same PIN/password for
> everything. With frequent use, forgetting it would be less of a problem,
> as would the temptation to write it down. However, such a system would
> require that the PIN/password be kept secret from the verifier (including
> possibly untrusted hardware/software used to enter it.

This is why you need to carry your verifying equipment around with you - a PDA with a decent OS is the way to go, IMO.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
