Verisign Offering Disposable Passwords
Verisign announced today that a new type of payment card embedded with a One-Time Password (OTP). Until now, most OTPs have been in devices like tokens and key fobs.
The card works just like the tokens. They have a button on the back that can be pushed every time the user wants to make a transaction to display a number. The card generates a new number for every transaction.
The user enters their user ID and password and also the OTP number plus a PIN number. The OTP and PIN combination are one factor and the user ID and password are the second factor in what is considered a two-factor authentication system. The user ID and password are the "what you know" and the OTP value are the "what you have" pieces of a two-factor system.
The story was reported today on Market Watch.
A few days later, Larry Seltzer had some interesting comments in eWeek. He made the same arguments as most businesses about OTPs -- they're a hassle to customers and could potentially drive business away. But, interestingly, he was also cautiously optimistic.
The card works just like the tokens. They have a button on the back that can be pushed every time the user wants to make a transaction to display a number. The card generates a new number for every transaction.
The user enters their user ID and password and also the OTP number plus a PIN number. The OTP and PIN combination are one factor and the user ID and password are the second factor in what is considered a two-factor authentication system. The user ID and password are the "what you know" and the OTP value are the "what you have" pieces of a two-factor system.
The story was reported today on Market Watch.
A few days later, Larry Seltzer had some interesting comments in eWeek. He made the same arguments as most businesses about OTPs -- they're a hassle to customers and could potentially drive business away. But, interestingly, he was also cautiously optimistic.
posted by The IT Security Guy at 6:35 PM
0 Comments:
Post a Comment
<< Home