Two-factor login not totally useless

Security expert Bruce Schneier recently criticized two-factor authentication, which is designed to improve security by pairing passwords with a second test such as a thumbprint or physical token. This week, he took pains to clarify his position with a defense of the technology as useful if not a cure-all.

In the earlier essay, Schneier said two-factor authentication "solves the security problems we had 10 years ago, not the security problems we have today." Phishing and Trojan horses, for example, are attacks that rely on weaknesses beyond the issue of whether a particular computer user is authenticated.

Schneier's stance was significant, given the embrace of two-factor authentication by influential companies such as Microsoft. But this week, Schneier issued a defense of the technology.

Two-factor identification won't prevent identity theft or fraud, Schneier said on his blog this week, but it is a "long-overdue solution to the problem of passwords," he said.

"It works against passive attacks: eavesdropping and password guessing. It protects against users choosing weak passwords, telling their passwords to their colleagues or writing their passwords on pieces of paper taped to their monitors. For an organization trying to improve access control for its employees, two-factor authentication is a great idea. Microsoft is integrating two-factor authentication into its operating system, another great idea."

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Microsoft leaves Apple in the dust with tablet and laptop innovation in 2015

Will there be one Apple Ring to rule them all? That's what a patent application says. Plus, building the thinnest gadget isn't innovation anymore and Apple just got a reality check from Microsoft.

by Brian Tong