Google Authenticator for multi-factor authentication
Posted Dec 9, 2011 16:27 UTC (Fri) by giraffedata
In reply to: Google Authenticator for multi-factor authentication
Parent article: Google Authenticator for multi-factor authentication
I find it impossible to regard a signature as being in any useful sense "something you are". The useful property of "something you are" credentials is that a fraudster can't learn to have them, and a fraudster can certainly learn to have your signature.
And yet the main reason signatures exist is that many people do regard them as something you are, being difficult for a fraudster to learn.
I, for example, could almost certainly not reproduce your signature, no matter how much I practiced. So there's one fewer fraudster to worry about.
None of the security mechanisms we're talking about are perfect, so it's all about reducing, not eliminating, the chance of fraud.
In any case, it's not "something you know" -- if it were, then you could instantly disclose to someone how to write your signature.
(Incidentally, the other major purpose of a signature that people often overlook is not as security, but as a statement. The fact that someone wrote his name (or even an X) on a piece of paper makes it impossible for him to argue he didn't mean to commit himself. As most people are honest, whether he signed or not is often not disputed).
to post comments)