On Wednesday 18 April 2012 11:59:32 Simon Brereton wrote:
> Are you planning to implement 2-step authentication in the next Horde
> release?
>
> http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html
>
> It would be relatively trivial so long as a mobile app can be written
> (and that could be done in html5, so it shouldn't need to be device
> dependent).
>
> If not, let me know and I'll add a feature request.

First: I know what two-factor authentication is and how it works and why it actually improves security.

Here is why I think two-factor authentication like Google's or that of "Duo" isn't actually improving security:

The main security comes from the fact that the second factor is a) different from the first and b) hard to attack. It loses all its appeal when you use the same smartphone for 2-step authentication and the actual login (as you would with imap/activesync/webinterface). And you are doing this on a phone that is neither fully under your control (unless you have a rooted Android) nor is it hard to attack. Any Android that needs 'full access to your phone to set profiles depending on time, location and environment', for example, has all it takes to catch both your login and your 2nd factor...

If you really want to use some kind of two-factor authentication with your phone, do it with some old 'phone and sms'-only phone. And don't rely on any smartphone's OS unless you hacked and hardened it on your own.

Have fun,

Arnold
--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org