It's not the application that provides the 2nd factor, its the certificate or private key or whatever. The application just provides the mechanism to utilize that cryptopgraphic material that provides the 2nd factor for your authentication needs.
On Sat, Nov 10, 2012 at 10:35 AM, Robin Wood <[email protected]> wrote: > On 10 November 2012 12:48, Herndon Elliott <[email protected]> wrote: > >> Subject: [Pauldotcom] Soft Tokens?? > >> What are your thoughts on software tokens as a two factor auth > solution? Would like to hear both sides. And if your 'for' then which > solutions/products have you used. And by all means if you have pwn'd a two > factor soft token login, please share (if you can). > > > > Isnt "two factor" and "software token" mutually exclusive? While a > > software implementation of two factor may emulate the actual hardware > > (the second factor), isnt it actually, really not two factor? Its one > > factor, something you know. The something you have is now just > > another app that the user doesnt really provide? > > I'd disagree with that, an RSA token is just software running on a > custom piece of hardware. What is the difference between the RSA token > and an app running on my Android phone when both are generating > authentication codes. > > Not saying the app is as secure as the hardware token just a different > way to implement it. > > Robin > > > > > Sorry, I have nothing of value to add.... > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
