Story: Microsoft: Two-factor authentication would thwart phishers
From Tom:
Here's the idea: If you want to log in to your bank account, you would have to provide two different factors. One of them would be provided by a special hardware device, and would change about every five minutes.
Now suppose the user has fallen for a phishing scam, and has been tricked into visiting a bogus Web site. If the victim can be tricked into entering one PIN number, why could he or she not be tricked into entering the second factor? In fairness, the attacker would only have a few minutes to steal the information and send it to a remote location. But in my opinion, that would not be too hard for an attacker to do.
Tom
Thomas L. Jones, Ph.D., Computer Science
DrJones@alum.MIT.edu
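
The point raised in the post, seen from the verifying server's side, as an added example that is not part of the original post or of any product it discusses. It assumes the hardware token is a TOTP-style time-based code (RFC 6238 construction) with a 300-second step; `BankVerifier`, the timestamps and the use of the RFC 4226 test secret are constructed for illustration, and the single-use check goes one step beyond what the post describes.

```python
import hashlib
import hmac
import struct

STEP = 300  # seconds; assumed from "about every five minutes"
SECRET = b"12345678901234567890"  # RFC 4226 test secret, not a real key

def token_code(secret, t, step=STEP, digits=6):
    """Code shown by the token at time t: HOTP over the time-step counter."""
    counter = int(t // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class BankVerifier:
    """Hypothetical server-side check: it sees only a code and its own clock."""
    def __init__(self, secret, step=STEP):
        self.secret, self.step = secret, step
        self.last_used = -1  # highest time step already accepted

    def verify(self, code, now):
        counter = int(now // self.step)
        expected = token_code(self.secret, now, self.step)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False  # wrong code, or its time step has passed
        if counter <= self.last_used:
            return False  # single use: this step's code was already accepted
        self.last_used = counter
        return True

def demo():
    t_read = 310  # constructed time at which the user reads the token
    code = token_code(SECRET, t_read)  # typed into the wrong site
    bank = BankVerifier(SECRET)
    results = {
        # Forwarded 90 s later, still inside the same 300 s step: accepted,
        # because nothing in the code says who is submitting it.
        "relayed_in_window": bank.verify(code, t_read + 90),
        # The user's own later attempt with that code is now refused.
        "same_code_again": bank.verify(code, t_read + 120),
    }
    # Forwarded after the step rolled over: the expected code has changed.
    results["relayed_after_window"] = BankVerifier(SECRET).verify(code, t_read + 300)
    return results

if __name__ == "__main__":
    print(demo())
```

The time limit and the single-use check narrow the window, but neither ties the code to the site it was typed into.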