Hurricane Labs, is a Cleveland, Ohio Information Security firm that provides security monitoring, network monitoring, and vulnerability management for enterprise networks all over the world. We process millions of events every day and help clients develop awareness of what is happening on their network, both good and bad, 24 hours a day, 365 days a year.

Featured Article

Each month, we feature an article from our Eye of the Storm Newsletter here.

Two Factor Authentication - Yes There are Alternatives to RSA

Written by: Bill Mathews
From Eye of the Storm - June 2009

Since the inception of this company we’ve preached heavily the use of some sort of two-factor authentication. Whether it’s certificate or passcode based wasn’t really that relevant to me, it just should NOT be a static password. Fast forward a few years and we’re seeing this proliferation of SMS based two-factor systems. Essentially you send your passcode or some other identifying piece of information and it sends you back a happy little passcode. There’s a couple things about SMS you should know, (1) it’s a “store and forward” system meaning it does very little origination checking or anything else from a security standpoint and (2) it’s completely unencrypted. This means that the very nature of it is insecure. This isn’t because SMS is bad, it’s just bad for authentication. It’s not meant to be a security system! There are also performance and reliability concerns. However, I’ve never really experienced an SMS outage myself, so I think that might be overblown (I’m a huge SMS user) ... [ read on ]

Newsletters

News from Eye of the Storm