I'm trying to implement 2 factor authentication on the cheap. How would I do that?

Posted by Biff MaGriff on Stack Overflow See other posts from Stack Overflow or by Biff MaGriff
Published on 2010-05-12T21:28:35Z Indexed on 2010/05/12 21:34 UTC
Read the original article Hit count: 210

Filed under:
|

Ok so I need 2 of the 3.

Something the user knows.
Something the user has.
Something the user is.

I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards.

I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits their credentials with the key we know that they are a legitimate user.

Is this a valid method of 2 factor authentication?

What is another way of doing this?

Are there any pitfalls that I should be aware of?

Thanks for your help!

© Stack Overflow or respective owner

Related posts about authentication

Related posts about security