[LINK] Phishing past two-factor authentication
Marghanita da Cruz
marghanita at ramin.com.au
Fri Apr 20 13:14:45 AEST 2007
Howard Lowndes wrote:
>
>
> Richard Chirgwin wrote:
>
>> Linkers,
>>
>> If a two-factor method is insufficient to protect (stupid) customers,
>> then I guess it's quite unreasonable for any bank to "blame the
>> customer".
>>
>> http://www.theregister.co.uk/2007/04/19/phishing_evades_two-factor_authentication/
>
>
>
> It doesn't say so, but I guess this might have used a poisoned DNS or a
> hacked hosts file.
>
> <--------- Fool Money --------->
>
>
Or someone else's money....I don't quite understand what "2 factor
authentication" means.
> Two-factor authentication for online banking usually involves passwords and tokens which provide synchronised, constantly changing numbers to use as additional evidence of identity.
From this description it seems to be some kind of one time password.
Marghanita
--
Marghanita da Cruz
http://www.ramin.com.au/
Telephone: 0414-869202
More information about the Link
mailing list