[wplug-internet] Two-factor authentication

Justin Smith justin at adminix.net
Thu Feb 12 17:18:22 EST 2015 

There aren't any smartphone apps that manage SSH keys - at least, not on Android. You can put your private key on your smartphone's storage partition, if it supports that, but you'd also have to carry around a USB cable and hope that whatever computer you want to connect from doesn't require a particular driver or package to be installed in order to recognize the smartphone's storage partition.

For instance, in order to get my laptop to recognize my OnePlus One, I had to install an additional package. On Windows, I'd probably have to install an additional driver. That just isn't possible on a public computer.

So basically, OTP requires administrative work but is more flexible for end-users, while SSH keys are easy from an administrative perspective but are less flexible for end-users. The ease of use for end-users is probably why OTP products like Authy and Google Authenticator have become so popular methods of two-factor authentication.

If you want to know why I'm concerned about information security, re-read my initial email. There are a lot of high-profile information breaches in the news these days. These breaches have two things in common: relatively lax security and information stored in cleartext.

I won't go into details about this on a public mailing list, but our current setup isn't much better than that. I certainly wouldn't want to be the one to have to contact the people in our membership file to explain that someone broke into our server and has their personal information. It would be an embarrassment.

I also think improved security is good from a manpower perspective. The less chance there is of user accounts being compromised - wheel accounts in particular - the less potential there is that we'll suffer a serious security breach, and the less potential problems we'll have to deal with.


*Justin Smith*
GNU/Linux System Administrator

/"Nothing in this world can take the place of persistence. Talent will not; nothing is more common than unsuccessful people with talent. Genius will not; unrewarded genius is almost a proverb. Education will not; the world is full of educated derelicts."/

/-Calvin Coolidge/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.wplug.org/pipermail/wplug-internet/attachments/20150212/72207f6e/attachment-0001.html>

More information about the wplug-internet mailing list