Sophos Techknow - Two-factor Authentication [PODCAST]


Welcome to another episode of Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

In this episode, entitled Two-factor Authentication, Paul Ducklin and Chester Wisniewski investigate the what, the how and the why of the technology often abbreviated to 2FA.

Some of us take it for granted, perhaps because our banks won't let us go online without it; others of us haven't taken to it at all, perhaps because it's an additional complication in online life.

Chet and Duck explain how the predominant forms of 2FA work, and why they make life harder for cybercriminals; they also look candidly at the downsides.

Potential stumbling blocks to the universal acceptance of 2FA include: how you regain control of your digital life if you lose the token that regulates your access, and why you'd want to adopt 2FA at all if you are already comfortable with the extent of your legal liability for online losses.

With a number of big players joining the 2FA club in recent weeks, including Apple, and (if the rumours are true) Microsoft, this Techknow podcast is perfectly timed to help you decide whether to hold out or join in.


4 Responses to Sophos Techknow - Two-factor Authentication [PODCAST]

  1. d3ad0ne · 866 days ago

    Great article Paul! This is exactly why I've been working on my own version of a 2 factor token that can hold multiple tokens in one. No need to carry around 6 key fobs.

    • Paul Ducklin · 866 days ago

      Hardware project based on the Atmel AVR ATmega32U4 chip...nice.

      If you do a "next version," how about some kind of display so it can be used with devices that don't have a USB port? With 10 buttons, perhaps it could perform as a challenge/response token? Even a single 7-segment digit might be enough to do the job. (One digit at a time :-)

      • d3ad0ne · 866 days ago

        Thanks Paul, that's on my list of features for the next round, along with Bluetooth. The challenge/response idea could be implemented easily enough, and I may add that before final release.

  2. DDD · 866 days ago

    SMS-based authentication is useful but itself is QUITE VULNERABLE in that SMS stealers are being built into popular crime kits and using a social engineering approach, or potentially a technique called applanting, it is MUCH TOO EASY for criminals to install a malicious app on your Android-based smartphone and to capture/steal the 2FA SMS message.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog