The title of this recent Washington Post article is another example of the overuse of the term "identity theft": A New Key to Fighting Identity Theft. The article is not about assuming someone's identity and getting credit in their name, but it is interesting nevertheless ...
Both America Online and E-Trade are offering their users an additional level of login security by using RSA's number generating tokens for a two-factor authentication.
"That number acts as an extra, one-time password by matching up with an identical number generated at the same time by a computer at AOL or E-Trade's offices. Both the token and the computer had their clocks synchronized at birth, ensuring that each would generate matching random six-digit numbers at the same intervals.The idea here is to ensure that password theft has no value. Each six-digit number's utility expires once it's used, but without it a regular user name and password alone won't log a customer in."
This is obviously a good thing, though it won't do a lot for real identity theft and we could end up with a whole mess of these things on our keychains.
No comments:
Post a Comment