http://smstextnews.disqus.com/Daily news and opinion for 250,000 industry executives and mobile fanaticsenWed, 02 Jul 2008 05:55:12 -0000http://www.smstextnews.com/2008/06/podcast_episode_11.html#comment-796465Two 'something you haves' are obviously better than 1 in some scenarios, but in a number of others there's no benefit at all - a thief can steal my phone and token from a hotel just as easily as the phone alone for instance.<br><br>WRT the passcode, M4E enforces a 3 (or is it 5?) attempts then completely wipes the device to prevent brute forcing.bensmithWed, 02 Jul 2008 05:55:12 -0000http://www.smstextnews.com/2008/06/podcast_episode_11.html#comment-795156The hope with the tiered idea was that you would encounter the extra authentication bits less often than you currently do. I have not run into what you were talking about (luckily, my phone is just for fun at the moment) so my theory may not mesh well into real-world application.<br><br>I get the "something you have, something you know" paradigm, but isn't something you have + something else you have more powerful? Might have to look at what Schneier has to say on that, but it seems like having the phone and having your face/having a fob would be more secure than a passcode that could be guessed, brute forced, etc. Again, something for real-world experimentation as this is just brainstorming at the moment.bogartTue, 01 Jul 2008 22:41:34 -0000http://www.smstextnews.com/2008/06/podcast_episode_11.html#comment-793934Yes - Jay knows his stuff good 'n proper... a privilege to have him on.<br><br>Interesting thoughts re: security. I'm not sure our corporate security types would go for the token approach - they prefer to match 'something you have' and 'something you know'... a token might be one too many 'something you haves'... although it sounds like an option for consumers potentially.<br><br>Definitely like the tiered authentication bit - that ties nicely with Nokia's attempt to add dual use personal / business features to the E-series so they could be secured independently... like so much here though I think it would all be in the execution. Anything more cumbersome would be unwelcome on my devices!bensmithTue, 01 Jul 2008 19:08:39 -0000http://www.smstextnews.com/2008/06/podcast_episode_11.html#comment-792463Great podcast all around, I thought Jay Fenton had some great insight into the Symbian announcement.<br><br>Ideas for fingerprint-less security: The camera could be used to either recognize your face, or you could carry a 2D barcode "fob" on your keychain (or elsewhere) that could be scanned with the camera. Oh, thought of another: a bluetooth fob that is on your keychain. All of these sound kind of cumbersome, but that's the brainstorming for now.<br><br>What might be better would be for only certain apps to rrequire this extended security (another signing mechanism) so that, say, Mail 4 Exchange requires it, but you do not need to jump through those hoops just to make a call. If that were the case, it would be nice to have an area on the file system similarly protected, making the handset a secure file storage device.bogartTue, 01 Jul 2008 16:01:47 -0000http://www.smstextnews.com/2008/06/podcast_episode_11.html#comment-785102good podcast guys! Agree with all your comments about Blyk, just waiting for a decent operator to come out with a similar model that works! :)rickycMon, 30 Jun 2008 18:15:16 -0000