27 Dec
2015
27 Dec
'15
1:17 a.m.
On Sat, Dec 26, 2015 at 10:06 PM, Matthew Petach <mpetach@netflight.com> wrote:
Thanks for the reminder to look at it from multiple perspectives.
The key attribute missing from the discussion so far is that the factors be *different*, from the set of: - something you know (password / PIN) - something you have (keyfob / OTP generator / chip) - something you are (fingerprint / retina scan) Claiming a passphrase and key are two "factors" is missing the point -- they both come from the same set (a secret which could be cloned). If you believe those are two factors then a password alone is 10 factors (one for each character)! ;) Damian