Multi Factor Authentication For My Car

With computer security so much in the news, it’s worth learning a new phrase: “multi factor authentication”.

When you log in to a website with a username and password, those two together make up a single “factor” of authentication. They both represent something you know.

If the website (as Google now allows you to do) challenges you to punch in a code that is sent to your phone by text message, in addition to your username and password, that is “two factor authentication”. Your user name and password combination are the first factor, the sms message code (which proves that you physically poses the mobile phone associated with your account) is the “second factor”.

So what about your car? Most cars in the world are single factor authentication. They can be opened, started and driven away with just a key. That physical key (even if it contains sophisticated remote control codes) is the single factor.

In Israel we have, mandated by law and enforced by all the insurance companies who won’t insure your car without this, multi-factor authentication.

The mechanism is a small device near the stearing wheel that waits for a short code to be entered. The combination of a normal car key and something you know in your head (in the form of the short code) represent multi factor authentication for your car.

Now obviously if you go and write the code on the sun-visor or on a tag attached to the key ring, that’s pretty dumb. But other than that, the system does provide some extra security. Of course if they really want  your car, they’ll car jack you. I wouldn’t hold back on telling anyone with a gun to take my car!

About Brian of London

Brian of London is not the messiah, he's a very naughty boy. Since making aliyah in 2009, Brian has blogged at Israellycool. Brian's interests include electric cars, world peace and an end to world hunger. Besides blogging here, Brian of London now writes at the Times of Israel. Brian of London also hosted Shire Network News

One incoming link

Kick Me: Richard Silverstein’s Hack That Never Was | Israellycool
09 September 2012 at 10:09am
[...] park. If I were to leave the keys in the ignition, a note on the steering wheel ...

Facebook Comments

  • Shy Guy

    If I remember correctly (CSI episode?), there is another form of authentication built into certain electronic door openers in car keys and the paired receiver in the car.

    With most standard electronic car keys, these signals can be intercepted and copied by another device to gain illegal entrance to a vehicle’s interior.

    However, there are keys and receivers who change their signals from one door opening to the next and the algorithm to keep the signal changes synchronized are unique or semi-unique from one key/receiver set to the next.

    • http://www.israellycool.com/author/brianoflondon/ Brian of London

      These fancy code exchange systems built into modern key fobs are still only single factor authentication because in nearly every case they’re built into the physical key! If you can’t separate two things, they’re a single factor.

      That’s why a Username & Password together are a single factor: you remember both in your head.

  • Pingback: Kick Me: Richard Silverstein’s Hack That Never Was | Israellycool()

Israellycool is testing Sovevos. Click for more info.