Comments on: Perfect Paper Passwords http://www.itsecpackets.com/blog/2007/12/20/perfect-paper-passwords/ A Progammer explores the IT Security field; offering packets of useful information he picks up along the way. Tue, 05 Jan 2010 01:34:42 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: ITSec Packets | VIP Access on your IPhone/ITouch http://www.itsecpackets.com/blog/2007/12/20/perfect-paper-passwords/comment-page-1/#comment-326 ITSec Packets | VIP Access on your IPhone/ITouch Sun, 30 Aug 2009 03:54:16 +0000 http://www.itsecpackets.com/blog/?p=21#comment-326 [...] Appolgies for not writting in a while. I hope to make it up to you with this post and future posts with, hopefully, much less than 5 months between. Found a great little app for iPhone/iTouch that gives us home users multi-factor authentication with a cryptographically strong OTP (one time password). Many of us have a similar device to log onto our corporate networks. I have an RSA token from work that spits a new six digit one time code. The OTP adds an additional layer of security when logging onto to a site on the net and makes brute force attacks impossible. We discussed OTP in the post about Steve’s PPPĀ  authentication system. [...] [...] Appolgies for not writting in a while. I hope to make it up to you with this post and future posts with, hopefully, much less than 5 months between. Found a great little app for iPhone/iTouch that gives us home users multi-factor authentication with a cryptographically strong OTP (one time password). Many of us have a similar device to log onto our corporate networks. I have an RSA token from work that spits a new six digit one time code. The OTP adds an additional layer of security when logging onto to a site on the net and makes brute force attacks impossible. We discussed OTP in the post about Steve’s PPPĀ  authentication system. [...]

]]> By: Hugs http://www.itsecpackets.com/blog/2007/12/20/perfect-paper-passwords/comment-page-1/#comment-239 Hugs Mon, 01 Sep 2008 20:23:21 +0000 http://www.itsecpackets.com/blog/?p=21#comment-239 @P it's only part of a two factor authentication "Note that using PPP passcodes for authentication without also requiring a separate secret password would not be secure due to the danger that the PPP passcard could be compromised. For two-factor authentication to enhance security, both assertions "something only you know" and "something only you have" must remain valid. " @P it’s only part of a two factor authentication

“Note that using PPP passcodes for authentication without also requiring a separate secret password would not be secure due to the danger that the PPP passcard could be compromised. For two-factor authentication to enhance security, both assertions “something only you know” and “something only you have” must remain valid. “

]]> By: P http://www.itsecpackets.com/blog/2007/12/20/perfect-paper-passwords/comment-page-1/#comment-45 P Fri, 04 Jul 2008 15:39:07 +0000 http://www.itsecpackets.com/blog/?p=21#comment-45 This is not a very good solution. What if you leave the card on the table for a few minutes and some scans or photocopies the card. They can steal your 2FA device for life ! This is not a very good solution. What if you leave the card on the table for a few minutes and some scans or photocopies the card. They can steal your 2FA device for life !

]]> By: Ben Rothke http://www.itsecpackets.com/blog/2007/12/20/perfect-paper-passwords/comment-page-1/#comment-12 Ben Rothke Tue, 25 Dec 2007 20:09:00 +0000 http://www.itsecpackets.com/blog/?p=21#comment-12 Good find.<br/><br/>But how robust is the product?<br/>GRC is a small company, but is it scalable to work in a 50,000 token environment?<br/><br/>Ben Good find.

But how robust is the product?
GRC is a small company, but is it scalable to work in a 50,000 token environment?

Ben

]]>