2-factor authentication with SSL-certificates… defeated

Once up on a time somewhere in the Netherlands, there was a guy who gave me all his usernames and passwords to enter the systems he has access to.

Their was an application accessable via the Internet, although you need a personal SSL-certificate before you can even enter your username and password

But… no problems… just copy the personal certificate out of MS IE… and load it on another machine… log in… and you’ve entered the matrix.

As you can see… the human is the critical factor in security!

Note: The case as described above was a bet with a good friend of mine, no illegal actions did happen!!!