1 |
On Mon, Oct 14, 2013 at 10:45:10PM +0200, Alan McKinnon wrote |
2 |
|
3 |
> Access to my backend network is two-factor - ssh keys and decent |
4 |
> passwords. |
5 |
|
6 |
That is *NOT* Two-factor authentication. See |
7 |
http://en.wikipedia.org/wiki/Multi-factor_authentication for the |
8 |
details. Executive summary... Two-factor authentication requires you to |
9 |
present two authentication factors each time. I.e. it's A *AND* B. |
10 |
Your setup is A *OR* B. The usual implimentations include 2 factors... |
11 |
1) userID+password |
12 |
2) a small credit-card-sized unit that generates random-looking |
13 |
multi-digit numbers that change every minute. |
14 |
|
15 |
In order to logon the user must enter both the userID+password combo |
16 |
*AND* the current number on the token card. |
17 |
|
18 |
-- |
19 |
Walter Dnes <waltdnes@××××××××.org> |
20 |
I don't run "desktop environments"; I run useful applications |