Second Factor Authentication - One Time Passwords

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

Second Factor Authentication - One Time Passwords

Postby cmoyer » Tue Feb 17, 2009 9:40 pm

Hi,

Thank you for such a great product. I noticed the other day that you support one-time passwords and I thought that this was going to be a 2nd factor Authentication, but it is not quite.

Two factor authentication is:
1. Something you know (password, i.e. Master password)
2. Something you have/are (finger print, Pay Pal FOB, etc.)

If you combined the otp with your master password, then you'd have an easy 2-factor authenication method, where you'd have to enter both to access the site.

Steve Gibson described an implementation of such a 2 factor solution in the Security Now podcast. The full description is here.

I would be interested if you implemented something like the "Perfect Paper Passwords" system as your 2-factor authentication, as it wouldn't require carrying around a 3rd party FOB of some sort.

Thanks!
cmoyer
 
Posts: 1
Joined: Tue Feb 17, 2009 9:25 pm

Re: Second Factor Authentication - One Time Passwords

Postby sameer » Tue Mar 03, 2009 7:46 pm

Thanks for the suggestion,

We have true multi-factor authentication on our roadmap (https://lastpass.com/roadmap.php)

As far as 2 factor paper based authentication....we have talked about this internally.
We like the idea, but haven't settled on an implementation. Having to constantly generate and
discard and keep track of one time passwords for every login is secure, but is not the most usable of solutions.

Internally, we spoke of instead using a wallet sized card that has a m x n grid on it
with each grid containing characters/symbols. The location of the characters/symbols in the grid along
with what character/symbols are present would be the 2nd paper password that would dynamically change
each time you logged in.

So, again, we like the idea...but are still thinking on exactly how we want to implement things.
sameer
Site Admin
 
Posts: 268
Joined: Tue Aug 19, 2008 9:43 pm
Location: Toronto, Canada


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 22 guests