I talk a lot on this blog about two-factor authentication, but there’s a related concept that I don’t think I’ve mentioned yet: two-channel authentication.
Two-channel authentication means that the two different authentication factors (e.g., the username/password + the phone, in PhoneFactor) utilize two different communications channels. In the case of PhoneFactor, these channels are the Internet and the public telephone network.
Two-channel auth can be a security improvement in certain contexts, such as when an attacker is able to take total control of your Internet pipe, but doesn’t control your phone and its associated network. It’s kind of a new concept, so it’s a little early to say just how beneficial this is, but it’s clear that it’s a plus in at least some contexts. And, intuitively, it makes a lot of sense.
So, this should probably go into the question set when considering two-factor authentication systems: does the system under consideration support two-channel authentication or just two-factor authentication?
-Steve