Two-step authentication, know/have security, serendipity

I was listening to TM Forum talk about the growth of machine to machine (M2M) services. That got me thinking about how Communication Service Providers (CSPs) are missing the boat as central players in identity authentication. I have already raised this point at TM Forum a couple times. A password is single-step authentication. It's something you know. But the second step is something you have. Our phones are being under-utilized for authentication. (You can use "something you have" without "something you know." The oldest example is the key to your front door.) I have been using Google two-step authentication since they introduced it. (Do you realize how much of your personal information is in your Google account? Don't trust it to password-only security!)

Anyway, this morning I was wondering what's available from the open source community to support two-step authentication. I started today by googling "open source" sms callback security. That led me to a couple interesting resources. @mnxsolutions looks like it's an organization populated by "my" kind of people. Linux command line. C instead of Java. They blogged about Two Factor SSH with Google Authenticator. That might be useful. And there's Kannel, which looks like a handy component if I wanted to create an M2M SMS system. Next I searched for anyone talking about Kannel at Twitter, and that's how I found @romboke's stream. Interesting guy. I love Internet serendipity!

Update: Added how M2M and CSPs fit into my morning serendipity.

 

127 views and 0 responses