Kerberos & Two-factor auth

• In addition to a secret password, user is required to present a physical item:

• A small electronic device: h/w authentication token
• Generates non-reusable numeric responses

• Called 2-factor authentication, because it requires 2 things:

• Something the user knows (password)
• Something the user has (hardware token)