Tuesday, December 13, 2011

Pros losing confidence in hard tokens

I was always a proponent of hardware security devices due to their hard to copy or steal undetected nature. The human factor, though, seems to play the biggest role in this form of authentication as well, and here's why:

Pros losing confidence in hard tokens

I should notice that hardware token such as OTP generator is no security by itself. Such devices must be password- or PIN-protected, so that if the device is lost, it becomes useless. PKCS#11 devices (USB cryptotokens and cryptocards) include such protection on board, and probably this is why they are not mentioned in this articles. Simple access control devices such as pass cards, don't have sufficient protection though. And this can lead to lowered confidence in all types of devices, including strongly protected ones