14 Feb
2013
14 Feb
'13
10:49 a.m.
On Thu, Feb 14, 2013 at 7:11 AM, Paul Libbrecht <paul(a)hoplahup.net> wrote:
The two stage tokens is the underlying way it works in
OAuth, I'm not
saying it's the way you intend it.
Please explain or give references.
Paul
I think we are at cross purposes, I mean a token as a hardware device such
as an RSA fob, or softphone application such as Google Authenticator, a
"device" that provides the "something your have".
To provide two examples
For me to login to gmail, I enter my username and password, and I am then
prompted to enter the six digit authentication code from
Google Authenticator running on my phone.
For me to login to a specific VPN, I enter a username, password and code
displayed on an RSA fob.
Cheers