Issue No.05 - September/October (2011 vol.9)
Dimitri DeFigueiredo , Adobe
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.144
Mobile two-factor authentication systems can provide three security guarantees. First, a compromised PIN won't provide a way to authenticate an attacker or provide any extra information about the corresponding phone. Second, a stolen phone won't provide a way to authenticate the attacker and can't leak the corresponding PIN. Finally, a compromised verifier will have absolutely no information about the PIN and therefore can't leak it. The personal nature of mobile devices and the ability to provide these three guarantees without long passwords make two-factor authentication a better match for the mobile world.
mobile computing, computer security, two-factor authentication, mobile authentication, mobile phones, passwords, PINs, online PINs, offline PINs
Dimitri DeFigueiredo, "The Case for Mobile Two-Factor Authentication", IEEE Security & Privacy, vol.9, no. 5, pp. 81-85, September/October 2011, doi:10.1109/MSP.2011.144