search for: badingb

On Thu, Jul 7, 2016 at 10:00 AM, Bruce F Bading <badingb at us.ibm.com> wrote: > > Hi Gentlemen, > > Thank you both for your valued opinion. I do however agree that public key > authentication cannot be fully considered MFA as have 2 PCI QSAs I have > spoken with. This is because it is not enforceable server side. Many > things...

On Sun, 3 Jul 2016, Stephen Harris wrote: > On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote: > > One, the Google Authenticator (OTP authentication). > > On its own, this is not 2FA. It's single factor ("something you > have"). > > A combination of Google Authenticator _and_ password is 2FA. This is > easy to do with PAM. Agreed >

...private key authentication. Which of these is considered multi-factor authentication and can you give a brief response? There are different opinions here and your opinion is greatly appreciated. Sincerely, Bruce F. Bading Senior Security Consultant IBM Systems and Technology Group 830-237-6851 badingb at us.ibm.com member ISACA since 1985 "United We Stand" For those with risk, your time to remediate is today. For those who have been breached, your time to remediate was yesterday!