On Di Mai 26 2009, Seth Vidal wrote: > If someone steals my phone - then they can get the txt msg but they can't > get my password that only I know. > > If someone gets my password they have to steal my phone or hijack my txt > msgs to get the other bit. > > > So, how is this better/worse than any other 2factor auth? If someone has only temporary access to your phone, it is a lot easier to tamper it and give it back to you, without you noticing it. Hardware tokens are normally more tamper proof and are not easy to be cloned. Therefore the attacker has to be in posession of the token at the time of the login. Thefore you can be sure that nobody else is logging in as you as long as you have the tokens in your hand. Regards Till
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
