Two-factor login not totally useless

Security expert Bruce Schneier recently criticized two-factor authentication, which is designed to improve security by pairing passwords with a second test such as a thumbprint or physical token. This week, he took pains to clarify his position with a defense of the technology as useful if not a cure-all.

In the earlier essay, Schneier said two-factor authentication "solves the security problems we had 10 years ago, not the security problems we have today." Phishing and Trojan horses, for example, are attacks that rely on weaknesses beyond the issue of whether a particular computer user is authenticated.

Schneier's stance was significant, given the embrace of two-factor authentication by influential companies such as Microsoft. But this week, Schneier issued a defense of the technology.

Two-factor identification won't prevent identity theft or fraud, Schneier said on his blog this week, but it is a "long-overdue solution to the problem of passwords," he said.

"It works against passive attacks: eavesdropping and password guessing. It protects against users choosing weak passwords, telling their passwords to their colleagues or writing their passwords on pieces of paper taped to their monitors. For an organization trying to improve access control for its employees, two-factor authentication is a great idea. Microsoft is integrating two-factor authentication into its operating system, another great idea."

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Roku 4: Our favorite TV streaming system gets 4K video and a remote locator

Ever lose your remote in the couch cushions? Ever wish you could stream 4K Netflix without having to use your TV's built-in app? Roku's new high-end player, the $129 Roku 4, brings these new extras to its best-in-class streaming ecosystem.

by David Katzmaier