I see no possible future outcome in which "one simple authentication mechanism" could ever be remotely close to reasonably secure.

On Mon, Mar 23, 2020 at 5:57 PM Eric Tykwinski <eric-l...@truenet.com> wrote:

> I think that’s the major sticky point, I would hope we could all agree on
> one thing, but that also leaves one entry point of failure. Hopefully we
> can all agree that FIDO2, OAUTH2, et al, will be a winner in the long run
> so everything can just use one simple authentication mechanism.
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>
> On Mar 23, 2020, at 5:23 PM, Mark Tinka <mark.ti...@seacom.mu> wrote:
>
> On 23/Mar/20 22:39, Keith Medcalf wrote:
>
> Hardware tokens are nothing more than dedicated hardware TOTP devices with
> perhaps a few additional parameters programmed at manufacturing time.
> Example, RSAID keyfobs are nothing more than TOTP generators with
> manufacturer programmed secrets and dedicated clock and display hardware
> with no external interface which permits access to the secret.
>
> For some of my banks, OTP tokens are issued via their device apps. I
> used to have physical key fobs for that; those are now gone.
>
> Admittedly, not all of my banks have made the transition. On the other
> hand, many of the banks have moved on to support Face ID and QR code
> verification via device apps.
>
> Not specific to VPN access management, but in the same vein.
>
> Mark.