As someone in this thread said, everything you connect to the computer is unsafe, and can be copied, recorded or monitored.
The RSA token system is as safe as it gets at the moment, without very expensive security equipment.
I find it good, and the token is very small (if you don't have it in your smartphone) and is a nice keyring.
What I don't like is that everyone wants to have their own RSA token, when it is the serial number combined with the internal clock in the token that generates the code anyway. So a generic (personal?) RSA token would be a great thing.
The problem with this is that they usually have visual feedback. Keyloggers which take screencaptures are even available for sale. I don't think it would be that hard for malicious people to fabricate something that'll get your information.
From a security standpoint, it's still something you know and as such it isn't defense in depth, which having an authenticator (something you have) and a password (something you know) is.
I was just hoping for people to come up with more innovative and unique ways of authenticating, like really think outside of the box, so far it looks like the Rift coin system sounds promising.
Well the problem is that an authenticator is basically a key. Someone can't open a door if they don't have the key. It's not meant to stop keyloggers, it's meant to create a physical, unique layer of security.
Your idea, the clicking and dragging stuff in series, is more of a "Human Check" than a security layer. It would stop bots but not unauthorized logins. This is why Random Number Generation key fobs are a common security tool in large businesses--they work better than any digital alternative.
The reason RNG fob security is so tight is because it's impossible to predict the next number. Clicking and dragging in a pattern means that there is a set pattern you are trying to match. As soon as someone finds out that pattern it becomes entirely useless. That's where physical RNG keys win; even if someone learns one of your numbers it will do them no good.
Last edited by Tore; 2011-12-07 at 06:55 PM.