March 29, 2005
Two-factor authentication is a necessary step in the arms race
Well, I'm a bit slow off the mark responding here, but a couple of weeks ago well-known security expert Bruce Schneier (BS) published a blog entry about the failure of two-factor authentication (2FA). BS argues that in the long run 2FA will not improve security at all because of two attack vectors: Trojans and man-in-the-middle (MiM) attacks.
While it's quite true that these attacks pose problems for 2FA, it is a little shortsighted to say that 2FA will serve no useful purpose in improving security. BS makes the assumption that the Trojan problem and the MiM problem will not go away, and hence will become the main avenues of attack.
But what if we can solve the Trojan and MiM problems? Then 2FA is very useful indeed, because, as BS points out in the same entry, it addresses a whole host of weaknesses in traditional, one-factor passwords:
"Two-factor authentication mitigates this problem. If your password includes a number that changes every minute, or a unique reply to a random challenge, then it's harder for someone else to intercept. You can't write down the ever-changing part. An intercepted password won't be good the next time it's needed. And a two-factor password is harder to guess."
Furthermore, even if we never solve the Trojan and MiM problems, 2FA still makes exploitation harder, because the attacker has to act while the victim is logging in and cannot postpone the attack. Without 2FA, a Trojan can harvest credentials such as passwords and use them at any time in the future, which lets the attacker do things like sell them on to third parties. With 2FA that is no longer possible: the one-time part of the credential expires within a minute, or the moment it is accepted, so a captured code is worthless by the time it reaches a buyer. The attacker is constrained to using it in that window, or to riding the victim's live session before it ends. Of course, the attacker can still do a lot of damage that way, but my point is simply that it raises the bar.
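To make the difference concrete, here is an added example (my own illustration, not code from Schneier's essay or from any particular token product) of the "number that changes every minute" in the quote above and of the replay point just made. It assumes an HMAC-SHA1 based one-time code with a 60-second step, a six-digit display, a one-step clock-drift window, and a server that remembers the last step it accepted; the shared secret and timestamps are constructed for the demo. The static-password check beside it is the one-factor baseline.

```python
"""Why a one-time code raises the bar over a static password.

Added example, not code from the original post.  The generator follows the
HOTP construction (HMAC-SHA1 plus dynamic truncation) keyed by a time step;
the 60-second step, six-digit length, secret and timestamps are assumptions.
"""
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # "a number that changes every minute"
DIGITS = 6

# Constructed shared secret; in practice provisioned into the token out of band.
SHARED_SECRET = b"constructed-demo-secret-2005"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time code for one counter value (HOTP-style truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def time_code(secret: bytes, unix_time: int) -> str:
    """The code the token displays at a given time: HOTP over the time-step counter."""
    return hotp(secret, unix_time // STEP_SECONDS)


class OneTimeCodeVerifier:
    """Server side: accepts a code once, within a small clock-drift window, never again."""

    def __init__(self, secret: bytes, window: int = 1) -> None:
        self.secret = secret
        self.window = window
        self.highest_used = -1   # highest time-step counter already consumed

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // STEP_SECONDS
        for counter in range(now - self.window, now + self.window + 1):
            if counter <= self.highest_used:
                continue   # step already used or older: a captured code cannot be replayed
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.highest_used = counter
                return True
        return False


class StaticPasswordVerifier:
    """The one-factor baseline: the same secret works every time, forever."""

    def __init__(self, password: str) -> None:
        self.password = password

    def verify(self, password: str, unix_time: int) -> bool:
        return hmac.compare_digest(self.password, password)


def replay_demo() -> dict:
    """A Trojan captures what the victim typed at t0; the attacker reuses it later."""
    t0 = 1_112_000_000        # constructed timestamp (spring 2005)
    later = t0 + 10 * 60      # ten minutes on: the attacker "delays the attack"

    pw = StaticPasswordVerifier("hunter2")
    captured_password = "hunter2"

    otp = OneTimeCodeVerifier(SHARED_SECRET)
    captured_code = time_code(SHARED_SECRET, t0)

    return {
        "victim_password_ok": pw.verify(captured_password, t0),
        "victim_code_ok": otp.verify(captured_code, t0),
        # Static credential: captured once, usable at any time afterwards.
        "password_replay_later": pw.verify(captured_password, later),
        # One-time code: rejected immediately (already consumed) and ten minutes on.
        "code_replay_immediately": otp.verify(captured_code, t0 + 5),
        "code_replay_later": otp.verify(captured_code, later),
    }


def realtime_relay_demo() -> dict:
    """The caveat: a MiM that relays the code while the victim is logging in still
    gets in.  The one-time code only forces the attacker to act right then."""
    t0 = 1_112_000_000
    otp = OneTimeCodeVerifier(SHARED_SECRET)
    code = time_code(SHARED_SECRET, t0)
    attacker_first = otp.verify(code, t0 + 2)   # relayed within the same minute
    victim_after = otp.verify(code, t0 + 3)     # the real user's own attempt now fails
    return {"attacker_relayed_ok": attacker_first, "victim_then_rejected": victim_after}


if __name__ == "__main__":
    for name, value in {**replay_demo(), **realtime_relay_demo()}.items():
        print(f"{name}: {value}")
```

Two points to note from running it. The static password replays ten minutes later without complaint, while the captured one-time code fails both on an immediate second use and after the window has moved on; that is the "useless from one moment to the next" property. But the relay demo shows the limit the post concedes: whoever presents the fresh code first wins, so a Trojan or MiM acting in real time is not stopped, only hurried. In a real deployment the `highest_used` counter has to be persisted per user (and per token) or the replay protection evaporates on restart.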
In summary, let's not dismiss 2FA just yet! Security, as we all know, is an arms race, and 2FA is definitely a move forward by the defenders. Just because it's not infallible and there are currently ways around it doesn't mean it's useless. It takes the cheapest attack, replaying a stolen password at leisure, off the table, and that's a lot of what this game is about. I predict that we're going to see widespread use of it, and it will make a tremendous difference.
