[Info-vax] Two-Factor Authentication
VAXman- at SendSpamHere.ORG
VAXman- at SendSpamHere.ORG
Wed Oct 23 08:31:40 EDT 2019
In article <qoo8m2$u8a$1 at gioia.aioe.org>, =?UTF-8?Q?Arne_Vajh=c3=b8j?= <arne at vajhoej.dk> writes:
>On 10/22/2019 8:32 PM, VAXman- at SendSpamHere.ORG wrote:
>> In article <qoo2jl$3jt$2 at gioia.aioe.org>, =?UTF-8?Q?Arne_Vajh=c3=b8j?= <arne at vajhoej.dk> writes:
>>> On 10/22/2019 2:01 PM, VAXman- at SendSpamHere.ORG wrote:
>>>> Is anyone here using a two-factor authentication scheme with OpenVMS?
>>>
>>> For?
>>>
>>> VMS login over TCP/IP?
>>>
>>> VMS login console?
>>>
>>> Login some web application residing on VMS?
>>
>> Most likely for ssh and web application.>
>
>SSH: passsword + client certificate (not sure how that works on VMS though)
Hostkey.
>web app: password + client certificate *or* password + text message with
>pin (either via email to text gateway or an text messaging provider
>offering a web service API)
Many web sites are doing this and I discussed this method with party interested
in implementing 2FA yesterday. By bank is now doing this OTP pin authentication
which I, personally, find extremely annoying. The email route can often be very
long in which case the OTP pin is expired and I don't have a phone that receives
SMS. The whole phone thing seem problematic, especially if it's a mobile phone
and the user is outside of cell service.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.
More information about the Info-vax
mailing list