http://blog.trustbearer.com/2008/05/01/extra-tokens-are-convenient/ A Convenient and Secure Connection to the Web Sat, 24 Apr 2010 07:42:22 +0000 hourly 1 http://wordpress.com/ http://blog.trustbearer.com/2008/05/01/extra-tokens-are-convenient/#comment-41 Billy Wed, 18 Jun 2008 01:24:35 +0000 http://openidtrustbearer.wordpress.com/?p=36#comment-41 One big upside to the phonefactor-type solution is the Out of Band component. It would be great if your solution didn't essentially translate the "what you have" into a "what you know" and then require the user to feed it into the browser, where phishing can occur. One big upside to the phonefactor-type solution is the Out of Band component. It would be great if your solution didn’t essentially translate the “what you have” into a “what you know” and then require the user to feed it into the browser, where phishing can occur.

]]> http://blog.trustbearer.com/2008/05/01/extra-tokens-are-convenient/#comment-40 Ashwin Sun, 15 Jun 2008 03:20:25 +0000 http://openidtrustbearer.wordpress.com/?p=36#comment-40 Thanks Brian, I've looked at a variety of these (i.e. PhoneFactor). Seems like (though I don't fully understand this stuff) they focus on placing a call rather than establishing some sort of data session, which seems like it could be a common technical solution without regard for differences between telephone networks. Would love to stick with your stuf though... Thanks Brian, I’ve looked at a variety of these (i.e. PhoneFactor). Seems like (though I don’t fully understand this stuff) they focus on placing a call rather than establishing some sort of data session, which seems like it could be a common technical solution without regard for differences between telephone networks. Would love to stick with your stuf though…

]]> http://blog.trustbearer.com/2008/05/01/extra-tokens-are-convenient/#comment-39 Brian Kelly Mon, 09 Jun 2008 13:01:27 +0000 http://openidtrustbearer.wordpress.com/?p=36#comment-39 We are considering a few alternative tokens from the traditional ones that we've supported in the past. This includes mobile phones and soft tokens. One of the challenges in the mobile phone space is a standard for communication between the host computer and the mobile phone, but we're <a href="http://en.wikipedia.org/wiki/Near_Field_Communication" rel="nofollow">getting there</a>. We are considering a few alternative tokens from the traditional ones that we’ve supported in the past. This includes mobile phones and soft tokens. One of the challenges in the mobile phone space is a standard for communication between the host computer and the mobile phone, but we’re getting there.

]]> http://blog.trustbearer.com/2008/05/01/extra-tokens-are-convenient/#comment-38 Ashwin Sun, 08 Jun 2008 23:43:21 +0000 http://openidtrustbearer.wordpress.com/?p=36#comment-38 Word. Lots of benefits. First, no need to distribute or manage physical tokens. Second, 2nd factor authentication could occur out of band, which could protect against lots of man in the middle and phishing. Are there any non-token Trustbearer services on tap? Word. Lots of benefits. First, no need to distribute or manage physical tokens. Second, 2nd factor authentication could occur out of band, which could protect against lots of man in the middle and phishing. Are there any non-token Trustbearer services on tap?

]]> http://blog.trustbearer.com/2008/05/01/extra-tokens-are-convenient/#comment-37 Sergey Sat, 07 Jun 2008 17:26:14 +0000 http://openidtrustbearer.wordpress.com/?p=36#comment-37 I'm wondering why you are sticking with the physical token concept. Why not evolve strong authentication towards usage of physical devices already in the hands of consumers, such as a mobile phone? I’m wondering why you are sticking with the physical token concept. Why not evolve strong authentication towards usage of physical devices already in the hands of consumers, such as a mobile phone?

]]>