| 1 |
On 17/10/2013 01:21, Walter Dnes wrote: |
| 2 |
> On Mon, Oct 14, 2013 at 10:45:10PM +0200, Alan McKinnon wrote |
| 3 |
> |
| 4 |
>> Access to my backend network is two-factor - ssh keys and decent |
| 5 |
>> passwords. |
| 6 |
> |
| 7 |
> That is *NOT* Two-factor authentication. See |
| 8 |
> http://en.wikipedia.org/wiki/Multi-factor_authentication for the |
| 9 |
> details. Executive summary... Two-factor authentication requires you to |
| 10 |
> present two authentication factors each time. I.e. it's A *AND* B. |
| 11 |
> Your setup is A *OR* B. The usual implimentations include 2 factors... |
| 12 |
> 1) userID+password |
| 13 |
> 2) a small credit-card-sized unit that generates random-looking |
| 14 |
> multi-digit numbers that change every minute. |
| 15 |
> |
| 16 |
> In order to logon the user must enter both the userID+password combo |
| 17 |
> *AND* the current number on the token card. |
| 18 |
> |
| 19 |
|
| 20 |
|
| 21 |
It's a poor choice of words on my part. We do have that exact two-factor |
| 22 |
system to access the network via VPN, but that's just a portal. |
| 23 |
|
| 24 |
Accessing the actual backend network is a two stage process: ssh key to |
| 25 |
the jump host, then password to get onto the actual destination. |
| 26 |
|
| 27 |
So it's "two factor" as a generic English language phrase, not "two |
| 28 |
factor" as a technical description of an exact thing. Keep in mind that |
| 29 |
English is a highly overloaded language :-) |
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
Alan McKinnon |
| 35 |
alan.mckinnon@×××××.com |
Archives