Good evening, Victor: Unfortunately, perception is reality in all matters electoral in Kenya. Denis & Ngigi: SMS 2FA is not exactly full proof as a solution to the problem of voter verification. What if phone numbers change, get lost or expire? How does that voter then confirm their polling station & details? Washington: Glad we agree. Donge! Grace: 1) In an ideal world, NRB should update their database and sambaza changes to all connected parties in case of a serial number or any other change. 2) As we await stricter privacy laws, we are at the liberty of the service provider whom we trust to do the right thing. Regards, EC On Fri, Jun 30, 2017 at 7:13 PM, Ngigi Waithaka via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Mark,
On a security vs affordability basis, how exactly would SMS 2FA not be an effective solution?
Unless you are going to hack the Telco SMS Gateway where the SMS is in clear txt, in which case I would think even our M-Pesa Pins would be vulnerable, where else is do you have a credible attack surface?
Rgds
On Fri, Jun 30, 2017 at 3:25 PM, Mark Kipyegon via kictanet < kictanet@lists.kictanet.or.ke> wrote:
SMS as a form of 2FA is unsuitable considering the sensitivity of such information. On the other hand a government backed smart card would offer the appropriate level of authentication without locking out access to a section of users.
On 30 Jun 2017, at 12:30, "Denis G. Wahome" <dwahome@gmail.com> wrote:
Mark,
While I do concur completely with your observation. I was considering the user group for the service. Other more advanced mechanisms would reduce the usability/accessibility by a large portion of the Country.
A better way would be a registration process to access your records where one can select a Channel for 2FA
Denis
On Fri, Jun 30, 2017 at 10:54 AM, Mark Kipyegon via kictanet < kictanet@lists.kictanet.or.ke> wrote:
SMS is not a secure implementation of two factor authentication.
On 30 Jun 2017, at 10:40, "kictanet-request@lists.kictanet.or.ke" < kictanet-request@lists.kictanet.or.ke> wrote:
A simple 2 Factor Authentication mechanism via SMS would suffice to
start
with.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/ngigi%40at.co.ke
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- *Regards,*
*Wait**haka Ngigi* Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000 www.at.co.ke
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/echebukati%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.