
[tor-talk] Tor-Friendly Two-Factor Authentication?



Hi Tor Talkers and Mr. Nobody,

You wrote:
As far as I know, to implement 2 factor authentication in terms of the
codes that many websites have, the only thing you need is to generate
random numbers coming from a seed that the webpage/bank you want to
authenticate to knows. This simple setup by no means needs to be privacy
invading.

You are right, and perhaps we mean the same thing but are saying it differently. The calculation should be done outside the device you use to enter the authentication code. The calculation may even be done by a human's brain, but then it may be necessary to have a randomly changing icon set at a click-input box, so you have a sort of encryption after calculation, like a display of a keyboard with an unusual appearance/setting of all keys. Then it is not only important to prove the correct input but also the time that was needed to do so. Humans are slower than machines.

At the cashpoint in supermarkets or banks you press your PIN on metal or plastic numbers; someone could easily take a thermic picture when you are already out of sight, and the more heated numbers are the ones pressed last. Sure, you can place your hand on all numbers to avoid that.
When the numbers are randomly assembled on a display, a thermic picture would not help, and neither would a video from afar to look where your fingers were, in case the display could be seen well enough only at a certain angle.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk