Comments on: Stronger and simpler authentication http://blogs.kuppingercole.com/kuppinger/2009/06/30/stronger-and-simpler-authentication/ KuppingerCole Wed, 08 Feb 2012 09:08:03 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Neil http://blogs.kuppingercole.com/kuppinger/2009/06/30/stronger-and-simpler-authentication/comment-page-1/#comment-160 Neil Mon, 10 Aug 2009 09:41:04 +0000 http://blogs.kuppingercole.com/kuppinger/?p=189#comment-160 Actually, we thought up a way round that too, it's a PoC at present, but usign the base concept, then add in a transaction specific grID, and a second channel... Simple for the user, no additional hardware & secure from MitM. Actually, we thought up a way round that too, it's a PoC at present, but usign the base concept, then add in a transaction specific grID, and a second channel… Simple for the user, no additional hardware & secure from MitM.

]]> By: Jack http://blogs.kuppingercole.com/kuppinger/2009/06/30/stronger-and-simpler-authentication/comment-page-1/#comment-115 Jack Thu, 02 Jul 2009 19:57:22 +0000 http://blogs.kuppingercole.com/kuppinger/?p=189#comment-115 Wouldn't this be susceptible to a Man in the Middle attack, just like using a more conventional One Time Password would be? The attack is: (1) website displays grid to MITM; (2) MITM displays grid to victim; (3) victim enters correct sequence of numbers; (4) MITM collects correct sequence of numbers and replays to website. I wish someone would come up with a way of making client-side certificates practical. Wouldn't that be the best way to do strong authentication? Wouldn't this be susceptible to a Man in the Middle attack, just like using a more conventional One Time Password would be? The attack is: (1) website displays grid to MITM; (2) MITM displays grid to victim; (3) victim enters correct sequence of numbers; (4) MITM collects correct sequence of numbers and replays to website.

I wish someone would come up with a way of making client-side certificates practical. Wouldn't that be the best way to do strong authentication?

]]> By: Stronger and simpler authentication | Martin Kuppinger http://blogs.kuppingercole.com/kuppinger/2009/06/30/stronger-and-simpler-authentication/comment-page-1/#comment-114 Stronger and simpler authentication | Martin Kuppinger Tue, 30 Jun 2009 19:19:37 +0000 http://blogs.kuppingercole.com/kuppinger/?p=189#comment-114 [...] See the original post here:  Stronger and simpler authentication | Martin Kuppinger [...] [...] See the original post here:  Stronger and simpler authentication | Martin Kuppinger [...]

]]> By: code technology http://blogs.kuppingercole.com/kuppinger/2009/06/30/stronger-and-simpler-authentication/comment-page-1/#comment-113 code technology Tue, 30 Jun 2009 17:15:39 +0000 http://blogs.kuppingercole.com/kuppinger/?p=189#comment-113 The appeal, of course, is that the organization doesn't have to provision a physical device or card. And unlike SMS text and grid cards, the memorizing of a pattern eliminates the risk of interception (except for the call center identity verification where the user entered from grid card). Potentially brilliant... any known holes? Mike The appeal, of course, is that the organization doesn't have to provision a physical device or card. And unlike SMS text and grid cards, the memorizing of a pattern eliminates the risk of interception (except for the call center identity verification where the user entered from grid card).

Potentially brilliant… any known holes?

Mike

]]> By: Jackson http://blogs.kuppingercole.com/kuppinger/2009/06/30/stronger-and-simpler-authentication/comment-page-1/#comment-111 Jackson Tue, 30 Jun 2009 16:40:53 +0000 http://blogs.kuppingercole.com/kuppinger/?p=189#comment-111 This is exactly why we OEM'ed GrIDsure for our Defender product here at Quest Software. This is exactly why we OEM'ed GrIDsure for our Defender product here at Quest Software.

]]>