John Pescatore

A member of the Gartner Blog Network

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

Twelve Word Tuesday: The Cellphone as the Elusive Second Authentication Factor

by John Pescatore  |  October 20, 2009  |  4 Comments

Most people take way better care of their smartphones than their passwords.

4 responses so far ↓

  • 1 Saqib Ali   October 20, 2009 at 2:00 pm

    the device, yes, but not of what is stored on it……

    they will share the one-time passcode with anyone who asks for it – phishing, social engineering etc…..

  • 2 Jan Heisterkamp   October 20, 2009 at 9:41 pm

    Since local banks in Costa Rica had included cellphones in their dynamic password regime and daily password requests have become a common routine, we finally have a better use for cellphone surveillance software or even mobile phone malware *cough*
    btw greetings Saqib ;)

  • 3 Scott Olson   October 20, 2009 at 11:44 pm

    I think this is the right direction for the future. I have been using Verisign VIP access for my eBay and PayPal accounts for months now and really like it. Additionally I have been using Bank of America’s enhanced SiteKey service with Text messaging that sends me a one time code when I log in from a different computer, add a new payee or other significant events.

    I know that these aren’t perfect solutions, but I find them a significant step forward over simple user IDs and password combinations and feel far safer for using them. I use the Verisign solution on my iPhone so I don’t need to carry around a separate token and that makes all the difference to me.

    You have seen other companies moving this direction as well like Blizzard’s Battle.net accounts with an iPhone and Blackberry token in addition to a separate token. All in all, this seems directionally correct to me as almost anyone who is using an online service such as these has a mobile phone.

  • 4 John Pescatore   October 21, 2009 at 8:42 am

    The beauty of a one time password code is that it doesn’t matter if it gets captured or shared – it won’t work the next time, as long as it is done right.
