Paypal recently rolled out a 2-factor authentication option:
https://www.paypal.com/securitykey
The trouble here, and with any One Time Password (OTP) device, is that these systems are quite vulnerable to Man in the Middle (MITM) attacks. If a thief can get in between your browser and the server, they can pass your OTP through along with your other credentials without your knowledge and, once the server believes a valid session has been established, hijack that session.
What's really needed here is a second channel of authentication and security, relying on a physical hardware device (Something You Have) that can only be checked dynamically by the software system itself, and that is completely independent of the actual system you're trying to access (e.g. a banking website).
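To make the two points above concrete, here is a small simulation I've added (not PayPal's code, and not part of the original post). It contrasts a plain OTP, which is just a short code that validates no matter which page the user typed it into, with a hardware-style response that is bound to the origin the client is actually talking to. The origins, the shared secret and the server challenge are all constructed for the illustration; the relay is modelled as a function that forwards whatever the user submits, exactly the pass-through the post describes.

```python
import hmac
import hashlib

# Constructed values for the simulation only; none of these are real credentials or sites.
SHARED_SECRET = b"demo-secret-for-illustration-only"
LEGIT_ORIGIN = "https://legit.example"   # the site the user intends to log in to (assumed)
RELAY_ORIGIN = "https://relay.example"   # the page sitting between browser and server (assumed)


def otp_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP-style one-time code: HMAC over a counter, truncated to `digits` digits.
    Nothing about *where* the user enters the code is mixed in, so it can be relayed."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def server_accepts_otp(secret: bytes, counter: int, submitted: str) -> bool:
    """Server side: the code matches, regardless of the path it took to get here."""
    return hmac.compare_digest(otp_code(secret, counter), submitted)


def bound_response(secret: bytes, challenge: bytes, origin_seen_by_client: str) -> str:
    """Second-channel style response: the device signs the server's challenge together
    with the origin the client is really connected to (a simplified channel binding)."""
    data = challenge + b"|" + origin_seen_by_client.encode()
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def server_accepts_bound(secret: bytes, challenge: bytes, expected_origin: str, submitted: str) -> bool:
    """Server side: recompute over the origin the server knows itself to be."""
    return hmac.compare_digest(bound_response(secret, challenge, expected_origin), submitted)


def honest_login_outcome() -> dict:
    """User talks directly to LEGIT_ORIGIN; both credential types should be accepted."""
    counter, challenge = 42, b"server-nonce-0001"  # constructed
    code = otp_code(SHARED_SECRET, counter)
    resp = bound_response(SHARED_SECRET, challenge, LEGIT_ORIGIN)
    return {
        "otp_accepted": server_accepts_otp(SHARED_SECRET, counter, code),
        "origin_bound_accepted": server_accepts_bound(SHARED_SECRET, challenge, LEGIT_ORIGIN, resp),
    }


def relayed_login_outcome() -> dict:
    """User unknowingly talks to RELAY_ORIGIN, which forwards everything unchanged to
    LEGIT_ORIGIN in real time. The OTP still validates; the origin-bound response does not,
    because the client signed the relay's origin, not the server's."""
    counter, challenge = 42, b"server-nonce-0001"  # constructed
    code = otp_code(SHARED_SECRET, counter)                        # typed into the relay page
    resp = bound_response(SHARED_SECRET, challenge, RELAY_ORIGIN)  # computed over what the client sees
    forwarded_code, forwarded_resp = code, resp                    # relay passes both through untouched
    return {
        "otp_accepted": server_accepts_otp(SHARED_SECRET, counter, forwarded_code),
        "origin_bound_accepted": server_accepts_bound(SHARED_SECRET, challenge, LEGIT_ORIGIN, forwarded_resp),
    }


if __name__ == "__main__":
    print("direct login :", honest_login_outcome())
    print("relayed login:", relayed_login_outcome())
```

The OTP check has no way to tell the two logins apart, which is the weakness the post describes; the bound response fails on the relayed path because the relay cannot make the user's device sign an origin the user isn't visiting. Detecting the relayed case server-side then reduces to logging which origin-bound checks fail, rather than trying to spot a code that looks perfectly valid.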
Tuesday, May 15, 2007