I would tend to have to agree with a lot of the responses to this thread. If the machine is in fact compromised we cannot know if MITM attacks are occurring or if an OTP is being stolen by a fake website (or the likes). We also don't know if the user has their password and information in size 72 font printed out and posted on the wall. The point is that none of this matters. While it is definitely good input, it does not help answer the OP's question. It would seem to me that two-factor authentication (implemented correctly) would be perfect for this matter.

I saw that someone wrote earlier that the one-time token from the two-factor could just be logged and entered in again real quickly. I don't know this to be the case. For example, I have never been in an environment that used RSA SecurID that would allow for a second use of the token. If I logged into a website or box and then 5 seconds later tried to log on to another (or the same) machine, it would deny the authentication. IMO OTPs or two-factor (PIN + OTP) would be a great fit for this problem.
Steven
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/