17 Dec 2003, 11:17 p.m.
Having a separate authentication mechanism that is used under duress is a very good idea that some existing systems already employ. I'll pass along the ones I have had contact with. From a systems point of view, it is hard to figure out exactly how the system should respond when it recognizes a duress authentication. There are competing interests as I'll explain after some examples.
The SecurID system has a duress PIN built into it as well. Using that PIN, you're still authenticated, but the server software knows that you entered it under duress and does the "appropriate" thing.

-David
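The duress-PIN behaviour described in the comment above, as an added example that is not part of the original comments and is not SecurID's actual implementation: either PIN authenticates and the client sees the same response, while the server alone records the duress condition. The `Account` class, the `authenticate` function, the alert list and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def _derive(pin: str, salt: bytes) -> bytes:
    """Derive a verifier so the server never stores the raw PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class Account:
    """Hypothetical account record holding a normal and a duress verifier."""

    def __init__(self, normal_pin: str, duress_pin: str):
        if normal_pin == duress_pin:
            raise ValueError("duress PIN must differ from the normal PIN")
        self.salt = os.urandom(16)
        self.normal = _derive(normal_pin, self.salt)
        self.duress = _derive(duress_pin, self.salt)


def authenticate(account: Account, pin: str, alerts: list):
    """Return (client_response, duress_flag).

    client_response is what goes back over the wire; duress_flag and the
    alerts list stay on the server.
    """
    candidate = _derive(pin, account.salt)
    # Run both comparisons unconditionally, in constant time, so response
    # timing does not reveal which verifier matched.
    is_normal = hmac.compare_digest(candidate, account.normal)
    is_duress = hmac.compare_digest(candidate, account.duress)
    if is_duress:
        # Server-side signal only; what the "appropriate" reaction is
        # (silent alarm, restricted session, ...) is a policy decision.
        alerts.append("duress authentication")
    # Identical payload for both PINs: an observer at the client cannot
    # tell a duress login from a normal one.
    client_response = {"authenticated": is_normal or is_duress}
    return client_response, is_duress


if __name__ == "__main__":
    acct = Account("4821", "4822")  # constructed sample PINs
    log = []
    print(authenticate(acct, "4821", log), log)
    print(authenticate(acct, "4822", log), log)
```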