Well, the real answer is a couple of questions: What problem are you trying
to solve? What threat are you trying to avoid?
Two-factor authentication is better than one-factor, I suppose. Every time I
get money from an ATM, it uses two-factor authentication. On the other hand,
every time I start my car or unlock my house I'm using one-factor
authentication, and none of us suggest that's not good enough.
I mention this because there's a tendency to think that because two is a
larger number than one, anything that has two of something is better than
something that has one of them. In security, however, there's a principle
that every security measure is a denial of service in disguise. If you move
from plain passwords to passwords plus tokens of some sort, then you have
created a more secure environment, but one in which it's easy to keep people
from doing their jobs. What happens if they leave the token at home, the
token just stops working, someone from another site works in your building
and so on.
And that brings us back to the question of what problem you're trying to
solve. Only you can answer why you need two-factor authentication and what
you want that other factor to be.
There's also a bit of a gray area on what counts as a factor. Some things
are easy. A password counts as a factor. A smart card is obviously a factor
that's different than a password. Others aren't so clear. Is a certificate
another factor? I'm fortunate enough to have an office with a door; is that
lock another factor?
The Phoenix system seems to me to fall smack into that sort of a gray area.
Whatever they're doing is turning your system into something like a token.
You can't authenticate from another machine.
This is neat, but there's a very real sense in which my machine is either a
really nifty factor or not a factor at all. For example, suppose an
attacker knows my password and walks into my office when I'm out at lunch.
Well, knowing my password can unlock my machine no matter what, and this
doesn't add anything. On the other hand, they can't come in on the VPN that
way. It also makes a certain amount of sense with a laptop.
Now -- you're asking my opinion about this, presumably because you're
thinking about buying it. Unfortunately, I don't have information about what
you want to do. I don't know what problem you're trying to solve. If you
want to buy it and you need some good reasons for why you should -- well, I
can give it to you. If, on the other hand, you don't want to buy this and
you need ammunition to shoot it down, I could do that, too.
If you're going to put this on laptops, home machines or other mobile
systems as a remote authentication system, I think it's pretty cool. You're
getting most of the benefit of a two-factor system, while making the second
factor the actual device that's connecting. It will keep out random people
trying to connect to your network with little pain to your users.
If, however, you're wanting to put this on static systems in people's
offices, then well, I don't think it adds all that much. Yeah, it will stop
people from plugging unauthorized systems into your network, but how often does
that happen? (Maybe a lot, maybe not at all, only you can answer that.) One
of the costs of the system, however, will be a loss of convenience. If I
can't go into your office and say, "Here, let me show you something" then
we're losing a small but valuable part of a distributed network. Me, I'd
optimize for convenience, but I don't know your requirements.
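The distinction drawn above (a machine-bound factor keeps a password thief off the VPN but does nothing once that thief is sitting at the machine) can be shown with a small model. The following Python is an added illustration, not code from the original message and not the Phoenix product's mechanism, which the message does not describe. The user registry, the PBKDF2 password hash, the per-device HMAC key and the challenge-response exchange are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data for the example: one user, a salted password hash,
# and a device key that enrollment is assumed to have placed on the user's
# own workstation. The salt and key are fixed here only so the example runs
# stand-alone; a real deployment derives them per user and per device.
_PW_SALT = b"example-salt-not-for-production"


def hash_password(password: str) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password (the 'something you know' factor)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _PW_SALT, 100_000)


USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse"),
        # 'Something you have': a secret that exists only on alice's machine.
        "device_key": secrets.token_bytes(32),
    }
}


def server_challenge() -> bytes:
    """Fresh nonce per attempt so a captured device response cannot be replayed."""
    return secrets.token_bytes(16)


def device_sign(device_key: bytes, challenge: bytes) -> bytes:
    """What the enrolled machine computes over the server's challenge."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()


def verify_remote_login(user: str, password: str,
                        challenge: bytes, response: Optional[bytes]) -> bool:
    """VPN-style login: both the password and the device response must check out.
    Constant-time comparisons avoid leaking which factor failed via timing."""
    rec = USERS.get(user)
    if rec is None or response is None:
        return False
    pw_ok = hmac.compare_digest(rec["pw_hash"], hash_password(password))
    dev_ok = hmac.compare_digest(device_sign(rec["device_key"], challenge), response)
    return pw_ok and dev_ok


def verify_console_unlock(user: str, password: str) -> bool:
    """Unlocking the machine at its own keyboard: only the password is checked,
    because the device factor is, by definition, already present."""
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(rec["pw_hash"], hash_password(password))


def login_from_enrolled_machine(user: str, password: str) -> bool:
    """The legitimate case: the machine holds the device key and can answer."""
    ch = server_challenge()
    return verify_remote_login(user, password, ch, device_sign(USERS[user]["device_key"], ch))


def login_from_foreign_machine(user: str, password: str) -> bool:
    """Attacker who learned the password but connects from another box: they can
    only guess a response, since the device key never left the enrolled machine."""
    ch = server_challenge()
    return verify_remote_login(user, password, ch, secrets.token_bytes(32))


if __name__ == "__main__":
    print("enrolled machine, right password:", login_from_enrolled_machine("alice", "correct horse"))
    print("foreign machine, right password: ", login_from_foreign_machine("alice", "correct horse"))
    print("at the console, right password:  ", verify_console_unlock("alice", "correct horse"))
```

The two remote paths differ only in who can produce the device response, which is the whole of the "second factor" here; the console path shows why that factor is worth nothing against someone who walks into the office with the password.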