Steve Riley sent me an email message about a post on his blog. He needs feedback from all of you on how to solve a challenging problem. The challenge revolves around using public computers or kiosks to access your corporate data. If we all used smartcards, and all machines had smartcard readers, then we’d have a nice multi factor auth system. However, smartcard utopia doesn’t exist.
You can read a nice description of the problem at http://blogs.technet.com/steriley/archive/2006/04/20/425824.aspx.
So what would you like a two factor authentication system to look and act like? Give Steve some good feedback at the post linked above.
My solution would be to create a smartcard emulator on a USB flash “drive”. Securely store the certs on the device. USB is a pretty prevalent port on machines, at least more so than anything else I can think of. Would that work?