[LINK] Security tokens

Avi Miller avi.miller at squiz.net
Wed Nov 14 19:14:21 AEDT 2007


On 14/11/2007, at 8:53 PM, David Lochrin wrote:

>   Many banks are issuing tokens these days.  I have seen two, and  
> both display a 6-digit number which must be entered on another  
> screen after logging in with the usual userid and password.  There's  
> no challenge / response process, and the numbers are claimed to be  
> non-repeating.

I would've thought these would be 2-factor authentication tokens:  
"What you know" and "What you have" -- you require both a 4-digit PIN  
("What you know") and the 6-digit number from your token ("What you  
have"). The SecurID server then compares the PIN with the Token and  
determines whether or not that is valid. How that happens, I actually  
don't know yet. I keep meaning to research it and then something  
slightly more shiny comes up.

cYa,
Avi

-- 
MySource Matrix Product Evangelist

< Sydney / Melbourne / Canberra / Hobart / London />
   2/340 Gore Street      T: +61 (0) 3 9235 5400
   Fitzroy, VIC           F: +61 (0) 3 9235 5444
   3202                   W: http://www.squiz.net/

.....>> Open Source  - Own it  -  Squiz.net ...../>







More information about the Link mailing list