begin quoting Todd Walton as of Wed, Dec 05, 2007 at 09:56:23AM -0600: > Anybody know anything about two factor authentication? > > What if I gave a token to the neighbor kid and told him to take it to > my Aunt Millie across town. An hour later Aunt Millie calls me on our > ultra-secure encrypted point to point telephone line to say that she > has it. So I open my control panel and synchronize the server with > her token, and then set her a PIN. > > Was having the token out of my control for that hour a security consideration?
How valuable is the information you and Aunt Millie exchange? Who had control of it before you had the token? Untrusted third parties? How trustworthy is your neighbor kid? Would you leave him alone with your computer for an hour? Or your ultra-secure telephone hardware? Yes, it's a potential consideration. But there are probably a lot more worthwhile security issues to worry about before you get too paranoid about a potentially subverted courier. -- How long have you known the kid? The parents? How does he react to you? Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
