South Africa On Lockdown - Coronavirus - Update!

Tom Beecher beecher at beecher.cc
Mon Mar 23 22:02:23 UTC 2020


I see no possible future outcome in which "one simple authentication
mechanism" could ever be remotely close to reasonably secure.



On Mon, Mar 23, 2020 at 5:57 PM Eric Tykwinski <eric-list at truenet.com>
wrote:

> I think that’s the major sticky point, I would hope we could all agree on
> one thing, but that also leaves one entry point of failure.  Hopefully we
> can all agree that FIDO2, OAUTH2, et al, will be a winner in the long run
> so everything can just use one simple authentication mechanism.
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>
> On Mar 23, 2020, at 5:23 PM, Mark Tinka <mark.tinka at seacom.mu> wrote:
>
>
>
> On 23/Mar/20 22:39, Keith Medcalf wrote:
>
> Hardware tokens are nothing more than dedicated hardware TOTP devices with
> perhaps a few additional parameters programmed at manufacturing time.
> Example, RSAID keyfobs are nothing more than TOTP generators with
> manufacturer programmed secrets and dedicated clock and display hardware
> with no external interface which permits access to the secret.
>
>
> For some of my banks, OTP tokens are issued via their device apps. I
> used to have physical key fobs for that; those are now gone.
>
> Admittedly, not all of my banks have made the transition. On the other
> hand, many of the banks have moved on to support Face ID and QR code
> verification via device apps.
>
> Not specific to VPN access management, but in the same vein.
>
> Mark.
>
>
>


More information about the NANOG mailing list