|
| This Article | ||
| ||
| Share | ||
| Bibliographic References | ||
| Add to: | ||
 Digg  Furl  Spurl  Blink  Simpy  Google  Del.icio.us  Y!MyWeb | ||
| Search | ||
| ||
The Case for Mobile Two-Factor Authentication
September/October 2011 (vol. 9 no. 5)
pp. 81-85
| ASCII Text | x | ||
| Dimitri DeFigueiredo, "The Case for Mobile Two-Factor Authentication," IEEE Security & Privacy, vol. 9, no. 5, pp. 81-85, September/October, 2011. | |||
| BibTex | x | ||
| @article{ 10.1109/MSP.2011.144, author = {Dimitri DeFigueiredo}, title = {The Case for Mobile Two-Factor Authentication}, journal ={IEEE Security & Privacy}, volume = {9}, number = {5}, issn = {1540-7993}, year = {2011}, pages = {81-85}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2011.144}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, } | |||
| RefWorks Procite/RefMan/Endnote | x | ||
| TY - MGZN JO - IEEE Security & Privacy TI - The Case for Mobile Two-Factor Authentication IS - 5 SN - 1540-7993 SP81 EP85 EPD - 81-85 A1 - Dimitri DeFigueiredo, PY - 2011 KW - mobile computing KW - computer security KW - two-factor authentication KW - mobile authentication KW - mobile phones KW - passwords KW - PINs KW - online PINs KW - offline PINs VL - 9 JA - IEEE Security & Privacy ER - | |||
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.144
Mobile two-factor authentication systems can provide three security guarantees. First, a compromised PIN won't provide a way to authenticate an attacker or provide any extra information about the corresponding phone. Second, a stolen phone won't provide a way to authenticate the attacker and can't leak the corresponding PIN. Finally, a compromised verifier will have absolutely no information about the PIN and therefore can't leak it. The personal nature of mobile devices and the ability to provide these three guarantees without long passwords make two-factor authentication a better match for the mobile world.
1. A. Felt and D. Wagner, "Phishing on Mobile Devices," presentation at W2SP: Web 2.0 Security and Privacy Workshop, 2011; http://w2spconf.com/2011/papersfelt-mobilephishing.pdf .
2. "Authenticating REST Requests," Amazon Web Services; http://s3.amazonaws.com/doc/s3-developer-guide RESTAuthentication.html.
3. D. Goodin, "Get Your German Interior Minister's Fingerprint Here," The Register,30 Mar. 2008; www.theregister.co.uk/2008/03/30german_interior_minister_fingerprint_appropriated .
4. P. MacKenzie and M.K. Reiter, "Networked Cryptographic Devices Resilient to Capture," Proc. 2001 IEEE Symp. Security and Privacy, IEEE CS Press, 2001, pp. 12–25.
Index Terms:
mobile computing, computer security, two-factor authentication, mobile authentication, mobile phones, passwords, PINs, online PINs, offline PINs
Citation:
Dimitri DeFigueiredo, "The Case for Mobile Two-Factor Authentication," IEEE Security & Privacy, vol. 9, no. 5, pp. 81-85, Sept.-Oct. 2011, doi:10.1109/MSP.2011.144
Usage of this product signifies your acceptance of the Terms of Use.