|
| Does the personal information stay on the computer or hand-held device? Good question.
Microsoft's new "Hello" says on the computer. And it's a fairly small amount of information. Yes, it's CSI-style facial information, however, on a very thin version. Hello is doing a simple yes-no question is answered. "Is this the face associated with this log-in?" Yes/No?
The secret number generated by a smart-card or key fob is again, a simple yes/no question. "Is this the number the software is needing before it lets you in?" Yes/No? The servers I ran were in an on-site server farm. That's where the answer was needed. 90% of the users answering that question were on-campus, but not in the server-room, so that personal data does go off your computer.
The text-messaged secret number involves a whole different system - text messages to a cell phone, the response (another yes/no question) would be keyed into a web-page which obviously sends that information off-site. But here, the significance is not only the special, Maxwell Smart shoe-phone secret number involves something you've previously told the system only you have - your cell phone number.
Getting the correct secret answer to the color of your first car's steering wheel involves your personal answers to those questions being stored off your device. Another yes/no question (Is this the correct answer - yes/no?) but the web-page can be accessed by any number of computers, laptops, tablets, smart phones - so the answer key must be kept off-site.
| |
|
Two factor authentication (2FA) helps stop fraud
