Sunday, December 31, 2006

Bringing down the house.

So many action movies have shown access tokens in use. They really are small devices that usually display a long string of numbers, which changes periodically and is known only to the device owner. Therefore it must be the ultimate form of secure authentication. Right?

Well, it's not a bad idea to start with. The problem is that humans are always involved in the process. Like the IT Security director who suggested that users attach their personal access token to the computer they are using, so that they don't misplace it. OMG. It's like putting a sticker with your username and password on top of the screen, version 2.0.

As you can understand, the system itself may be sufficiently secure, but the way it is deployed and used may severely undermine its benefits.

P.S.: And of course there have been and always will be stupid people :P

