Re: mobile phone + password = 2 factor auth?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 26, 2009 at 10:08 AM, Till Maas <opensource@xxxxxxxxx> wrote:
> On Di Mai 26 2009, Seth Vidal wrote:
>> On Tue, 26 May 2009, Till Maas wrote:
>> > On Di Mai 26 2009, Jesse Keating wrote:
>> >> On Tue, 2009-05-26 at 17:44 +0200, Till Maas wrote:
>> >>> A problem with phones is, that they are typically not as secure as
>> >>> hardware tokens. Users can install custom software on them. Also the
>> >>> phone may be compromised via bluetooth. It might be even possible to
>> >>> directly access text messages via bluetooth or maybe also wifi
>> >>> nowadays.
>> >>
>> >> Wouldn't that be why you have to combine what comes up on your phone
>> >> with the password you know, so that just the phone alone can't get you
>> >> in?
>> >
>> > Here is another attack scenario: The attacker first attacks the desktop
>> > to obtain the password. But then he also compromises the phone once it is
>> > connected to the desktop to synchronize some data, e.g. contacts, music
>> > or software. Then the attacker got both factors without having physical
>> > access on the phone.
>>
>> Both of them assume an attacker targetting someone on our system.
>
> Why is this? Even an attacker that got access to your desktop without
> specifically targetting a Fedora infrastructure team member can afterwards
> compromise your phone, once he noticed that you use it to login to Fedora. The
> browser cache or e-mails may indicate that you login to Fedora and some config
> files for phone synchronization can show the attacker, how the phone can be
> compromised.
>

Part of security work is analysis of the perceived risk and mitigation
strategies or acceptance of that risk.

I think that using a mobile phone as part of a two-factor auth scheme
is a good idea, despite the inherent risks of the platform. It's a
relatively low cost item that nearly everyone has or can obtain.

While it's not a very secure object on it's own, I think that because
it's only one factor in a two factor scheme, it's still useful and
'good enough' for this purpose. I would be willing to accept the risks
of using this as a part of our auth scheme. My perception of those
risks is that there is a sufficient level of effort required on the
part of the attacker as to make an attack non-trivial and reasonably
time consuming.

---Brett.

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux