WebApp Sec
mailing list archives
RE: Two-Factor Authentication on the Web
From: "Gaydosh, Adam" <GaydoshA () ctc com>
Date: Sun, 2 Jul 2006 18:09:41 -0400

> "But even when biometric authentication "works", it still does
> not prove my _identity_, it just proves that I am who *I said*
> I am, which is another thing entirely;"
>
> Umm... I don't follow. How could your DNA (I would waver on
> this one since I heard somewhere that twins could have the
> same DNA), fingerprint, retinal scan, etc, not be unique to
> you and only you?

I think the idea is that the concept of 'identity' which we are
attempting to authenticate is not an inherent characteristic of our
bodies, but something that has been officially associated with a given
biometric by the issuing authority, e.g. my SSN, Account Name, etc... are
not in my DNA.