[LINK] Security tokens
Avi Miller
avi.miller at squiz.net
Wed Nov 14 19:14:21 AEDT 2007
On 14/11/2007, at 8:53 PM, David Lochrin wrote:
> Many banks are issuing tokens these days. I have seen two, and
> both display a 6-digit number which must be entered on another
> screen after logging in with the usual userid and password. There's
> no challenge / response process, and the numbers are claimed to be
> non-repeating.
I would've thought these would be 2-factor authentication tokens:
"What you know" and "What you have" -- you require both a 4-digit PIN
("What you know") and the 6-digit number from your token ("What you
have"). The SecurID server then compares the PIN with the Token and
determines whether or not that is valid. How that happens, I actually
don't know yet. I keep meaning to research it and then something
slightly more shiny comes up.
cYa,
Avi
--
MySource Matrix Product Evangelist
< Sydney / Melbourne / Canberra / Hobart / London />
2/340 Gore Street T: +61 (0) 3 9235 5400
Fitzroy, VIC F: +61 (0) 3 9235 5444
3202 W: http://www.squiz.net/
.....>> Open Source - Own it - Squiz.net ...../>
More information about the Link
mailing list