Re: Evaluating Two Factor Authentication
- From: Meenal Mukadam <meenal.mukadam@xxxxxxxxxxxxxxxxx>
- Date: Tue, 5 Oct 2010 13:59:37 +0530
Dear Mufambisi,
You can use the following procedure to generate your own:
1) Understand the mechanism of 2-factor authentication
2) Understand the limitations, risks and threat environment of the
2-factor authentication mechanism/s
3) Develop specific cases or an assessment checklist (it can cover
points like technological risks assessment, assessment of
configuration or deployment, load/stress handling capability, etc.)
4) Execute your assessment based on the cases you developed
A generic reference material:
Testing Multiple Factors Authentication (OWASP-AT-009)
http://www2.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009)
Thanks and Regards,
Meenal A. Mukadam
On Sat, Oct 2, 2010 at 4:14 AM, M.D.Mufambisi <mufambisi@xxxxxxxxx> wrote:
i realise i did not ask my question properly. Im sorry. What i need is
a primer on the two factor authentication inherent risks or the two
factor authentication threat model to the service, processes (user
registration, token issuance etc) and infrastructure (HSM etc). Assume
the two factor is implemented on online banking.
On 10/1/10, TAS <p0wnsauc3@xxxxxxxxx> wrote:
If you want to understand the concepts then Wikipedia should be a good start
TAS
On 1 October 2010 06:19, M.D.Mufambisi <mufambisi@xxxxxxxxx> wrote:
Hi,
I will be evaluating 2 factor authentication scheme in the next coming
days.
Is there anyone who can point me to some good resources on this?
Whitepapers..documents...anything?
Regards
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how to
test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
- References:
- Fwd: Evaluating Two Factor Authentication
- From: M.D.Mufambisi
- Re: Evaluating Two Factor Authentication
- From: TAS
- Re: Evaluating Two Factor Authentication
- From: M.D.Mufambisi
- Fwd: Evaluating Two Factor Authentication
- Prev by Date: Re: [WEB SECURITY] Captcha testing
- Next by Date: Metasploit video tutes?
- Previous by thread: Re: Evaluating Two Factor Authentication
- Next by thread: Re: Evaluating Two Factor Authentication
- Index(es):
Relevant Pages
|
