According to ex-MS, now US Govt’s Howard Schmidt, “we will see the widely accepted use of two-factor authentication” in the next three years. Although this would probably sound nice to the ears of security vendors, I think his prediction will prove wrong.

Hardware tokens are too expensive even for widespread enterprise use. Use of certificates is a no-go without smart cards and certificate-enabled applications. Given the fact that issues with certificate-enablement of legacy applications were the main cause of the spectacular failure of PKI-security-silver-bullet, can anybody please explain why this should be successful this time? Smart cards are a no-go without smart card readers, and for Schmidt’s prediction to become correct we would have to be seeing the readers being OEM’d into new computers, which I don’t see either.

Long live passwords!
