Displaying 2 results from an estimated 2 matches for "qsas".
Did you mean:
isas
2016 Jul 09
2
SSH multi factor authentication
On Thu, Jul 7, 2016 at 10:00 AM, Bruce F Bading <badingb at us.ibm.com> wrote:
>
> Hi Gentlemen,
>
> Thank you both for your valued opinion. I do however agree that public key
> authentication cannot be fully considered MFA as have 2 PCI QSAs I have
> spoken with. This is because it is not enforceable server side. Many
> things can affect client side security.
>
> It is distributable and not enforceable at a single point.
> The key can be regenerated or downloaded again and regenerated to remove
> the paraphrase maki...
2016 Jul 04
2
SSH multi factor authentication
On Sun, 3 Jul 2016, Stephen Harris wrote:
> On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote:
> > One, the Google Authenticator (OTP authentication).
>
> On its own, this is not 2FA. It's single factor ("something you
> have").
>
> A combination of Google Authenticator _and_ password is 2FA. This is
> easy to do with PAM.
Agreed
>