Multi-Factor Authentication for Login Security

As an alternative to passwords, maddog looks at various types of multi-factor authentication, as well as considerations drawn from his experience.

Recently a large, closed source software company announced their operating system would allow the user to opt out of using passwords. They indicated that passwords were difficult to manage (agreed), and many times people forget them or use the same passwords for many accounts (which many people do), so now users will be given the ability to use multi-factor authentication (MFA) to avoid using passwords and instead use some other authentication methods to protect themselves. Sounds great … on the surface.

I already know of people that are using their phones to do MFA. When you log in to some web service for the first time during a login session, a message gets sent to your smartphone to acknowledge that someone is trying to log on to your account and to verify that the person is you.

However, using your smartphone has some issues.

[…]

Use Express-Checkout link below to read the full article (PDF).

Posted by Contributor