This post draws from a bit of inspiration left by a reader who commented on a previous post of mine titled "Faking It".
If you haven't read that post, I recommend that short read first. I love it when people leave intelligent responses... and make me think.
Well, let's take this in stride: if you consider how trashed and malware-ridden the average person's computer is, it's entirely plausible to say that no, multi-factor (2 or more?) authentication doesn't really add anything when the machine is compromised by malware that is often more technically advanced than the counter-measures we employ to make it simple for people to log in.
But that's just depressing, and too... "Eeyore".
Let's be realistic instead - does multi-factor authentication really matter in the modern threat landscape? I think the answer is many times more complex than a simple yes/no would imply - but overall I think the answer is still yes.
Here's my thinking:
- In light of recent compromises (MySQL/Sun/Oracle, ThePirateBay, Comodo and others) it's obvious that passwords are still too simple, too easy to crack, and too often re-used across multiple tiers of risk
- What website breaches teach us further is that even if your password is stellar and complex, the website may store it in plain text... and when they get SQL-injected and have their database stolen, the game is over
- While it may be a simple (and near-common-sense) jump to say that the vast majority of people's machines are compromised or loaded with some sort of malware... there aren't any good studies to extrapolate from - maybe we're wrong?
- I doubt anyone thinks that multi-factor authentication will stop an attacker, but we can probably agree that it will slow him/her down... now we just need to figure out to what extent
- In a relatively clean environment an attacker would have to compromise my computer + "me" to get at my account... and that's a pretty good level of risk mitigation
- I have no faith in passwords... but if even you, the user, don't know the next password, it is difficult to write it down, lose it, or have it traded for a candy bar
- Multi-factor authentication systems that use one-time passwords give the attacker a very small window within which to strike... you have that one session and then you have to orchestrate your attack again, whereas with a password compromise you can keep attacking over and over
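To make the "small window" point concrete, here is an added example (mine, not from the original post or any particular vendor's product) of how a time-based one-time password is generated and verified along the lines of RFC 4226 (HOTP) and RFC 6238 (TOTP). Each code is only valid for its 30-second time step, plus one step of clock skew either way, and the verifier refuses to honour a step it has already accepted, so a code captured from one login cannot be replayed for a second session. The secret, timestamps and the `TotpVerifier` class are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo secret. A real deployment uses a random per-user secret
# shared at enrolment, never a fixed string in source code.
DEMO_SECRET = b"constructed-demo-secret-not-real"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, int(at // step))


class TotpVerifier:
    """Server-side check that accepts each time step at most once (hypothetical helper)."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, skew: int = 1):
        self.secret = secret
        self.step = step
        self.skew = skew          # steps of clock drift tolerated on either side
        self.last_counter = -1    # highest counter already redeemed by this user

    def verify(self, code: str, now: float) -> bool:
        counter = int(now // self.step)
        for candidate in range(counter - self.skew, counter + self.skew + 1):
            if candidate <= self.last_counter:
                continue  # already redeemed: a captured code cannot be replayed
            # constant-time comparison so the check leaks nothing about the code
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_counter = candidate
                return True
        return False  # wrong code, or the window it belonged to has passed


if __name__ == "__main__":
    verifier = TotpVerifier(DEMO_SECRET)
    t0 = 1_700_000_000  # constructed timestamp
    code = totp(DEMO_SECRET, t0)
    print("first use:   ", verifier.verify(code, t0))        # accepted
    print("replay +5s:  ", verifier.verify(code, t0 + 5))    # rejected, same step
    print("replay +120s:", verifier.verify(code, t0 + 120))  # rejected, window gone
```

The attacker who phishes or sniffs one code therefore gets exactly the session it buys, and only if they use it before the legitimate user does; contrast that with a static password, which keeps working until someone notices. Note that a verifier which forgets `last_counter` (say, after a restart or across load-balanced nodes without shared state) silently loses the replay protection, which is why that counter belongs in the user record, not in memory.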
Anyway... that's my take on it. If I'm looking at implementing a multi-factor authentication system and weighing the cost/benefit... I say do it, because passwords alone are dead and buried.
Cross-posted from Following the White Rabbit