On Sat, Dec 26, 2015 at 10:06 PM, Matthew Petach <mpet...@netflight.com> wrote:
> Thanks for the reminder to look at it from multiple perspectives. > The key attribute missing from the discussion so far is that the factors be *different*, from the set of: - something you know (password / PIN) - something you have (keyfob / OTP generator / chip) - something you are (fingerprint / retina scan) Claiming a passphrase and key are two "factors" is missing the point -- they both come from the same set (a secret which could be cloned). If you believe those are two factors then a password alone is 10 factors (one for each character)! ;) Damian
