Saturday, November 21, 2015

Two-Factor Authentication

Bruce Schneier, for whom I have massive respect, said 10 years ago that two-factor authentication is useless for consumer internet (another post, more technical, along the same lines).

I think I understand some of what they are saying--it is not a panacea, and probably will do little to deter mass thefts. But it seems to me like it is an important defense against targeted thefts:
  • Targeted doxing, as happened to the CIA director, where someone who is your personal enemy wants access to your email to embarrass you.
  • Acquaintance-theft, where someone you know gets your password (watching you type it at work, etc.) and wants to access your accounts. This would include domestic incidents.
  • Public or shared-computer theft, via the dreaded keystroke-logger.
The second case is particularly important for financial fraud. At least if you are part of a mass-hack, you have some post-facto protection. If you are a one-off, there is a far heavier burden of proof.

