Shostack + Friends Blog Archive


The Down Side of "Strong" Authentication

Brad Stone has a great article in Wired about his car being stolen and the insurance company insisting that he must be lying because he still had all of his fancy RFID enabled keys. This assumption that the security system is perfect is going to continue to bite consumers especially as banks move to two-factor authentication. I see scenarios where malicious parties will make use of trojans or man in the middle attacks to steal and banks and vendors, leaning on the use of products like SecurID, will shift the liability to the customer. Fortunately for Brad he got his car back in the end, read the full article, he has a great analysis of the moving target that is security.

2 comments on "The Down Side of "Strong" Authentication"

Comments are closed.