Tuesday, May 15, 2007

Online Commerce


This Dateline piece makes it abundantly clear just how easily a thief can obtain credentials - like a credit card number, password, user ID, etc. - and wreak havoc on a victim in a matter of minutes. Some scams are more elaborate than others, but the bottom line is always the same: if you can type in a few pieces of information, the computer on the other end of the line doesn't know the difference between you and the real owner of those credentials.

That's what 2-factor authentication is for. If the merchants in this story required a physical authentication device (Something You Have) in addition to the knowledge-based authentication (Something You Know), the thieves would have no way to use the data they've collected to do any damage.
