Home page logo
/

basics logo Security Basics mailing list archives

Re: Evaluating Two Factor Authentication
From: Meenal Mukadam <meenal.mukadam () niiconsulting com>
Date: Tue, 5 Oct 2010 13:59:37 +0530

Dear Mufambisi,

You can use the following procedure to generate your own:
1) Understand the mechanism of 2-factor authentication
2) Understand the limitations, risks and threat environment of the
2-factor authentication mechanism/s
3) Develop specific cases or an assessment checklist (it can cover
points like technological risks assessment, assessment of
configuration or deployment, load/stress handling capability, etc.)
4) Execute your assessment based on the cases you developed

A generic reference material:

Testing Multiple Factors Authentication (OWASP-AT-009)
http://www2.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009)


Thanks and Regards,

Meenal A. Mukadam




On Sat, Oct 2, 2010 at 4:14 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:

i realise i did not ask my question properly. Im sorry. What i need is
a primer on the two factor authentication inherent risks or the two
factor authentication threat model to the service, processes (user
registration, token issuance etc) and infrastructure (HSM etc). Assume
the two factor is implemented on online banking.

On 10/1/10, TAS <p0wnsauc3 () gmail com> wrote:
If you want to understand the concepts then Wikipedia should be a good start

TAS

On 1 October 2010 06:19, M.D.Mufambisi <mufambisi () gmail com> wrote:
Hi,

I will be evaluating 2 factor authentication scheme in the next coming
days.
Is there anyone who can point me to some good resources on this?
Whitepapers..documents...anything?

Regards

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how to
test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]