Digital Identity - ‘Physical Tokens’ vs ‘Onetime Password Messaging’
Question: Which proposition do you think is better as the second factor of 2-factor authentication?
Answer: It all depends on where you see the better balance between security and convenience for each use case.
Physical tokens or hardware keys have a merit over OTP messaging, which is relatively more vulnerable in the online environment, but they also have a demerit: when we have dozens of accounts to protect, would we have to carry around a big bunch of hardware keys, which could physically catch the eye of bad guys, or would we have to re-use one or a few hardware keys across many accounts, physically creating a single point of failure?
To overcome this conflict, we came up with our own proposition of 2-channel/2-factor authentication to achieve an optimal balance between security and convenience at a higher level. It was implemented for a corporate network 6 years ago and is still running.
Excerpt: Our proposition of 2-channel authentication could help.
With our 2-channel scheme, the onetime code can be recovered and sent to the server only by the legitimate user who retains the secret credential in their brain.
Further details are provided in the slide “2-Channel Authentication with No Physical Tokens and No SMS”.
It is also referred to as a powerful phishing deterrent in “Targeted/Spear Phishing and Expanded Password System”.
By the way, this 2-channel scheme is not just a concept, but was actually implemented in the real world for corporate use.