Almost 4 years ago I wrote a post titled ‘The Epic Hacking of Mat Honan and Our Identity Challenge’. In it I examined how hackers exploited the ways in which our online accounts are daisy-chained together through poor password recovery and KBA-based systems to systematically take over Mat Honan’s digital life. 4 years
If you’ve been following authentication-related discussions, you know that a lot of the tactical focus is on adding additional authentication factors to the base username/password login mechanism as a way of making it more secure. This is particularly true in consumer-facing applications, as brought into stark contrast by the Mat Honan hack episode.
Some recent moves by major players could have a significant impact on the perception of multi-factor authentication technologies. Google recently introduced two-factor authentication for Google Apps. The mechanism they chose to employ relies on a one-time password token delivered to a cell phone either by an SMS text message or a call to the phone