mobile phone + password = 2 factor auth?

Eric Christensen eric at christensenplace.us
Tue May 26 19:23:52 UTC 2009


On Tue, May 26, 2009 at 15:13, Jeroen van Meeuwen <kanarip at kanarip.com> wrote:
> Although this is entirely true, my bank sure considers my phone safe enough
> to send me one-time transaction confirmation codes that are only valid with
> the existing session.
>
> So, to hack this, you would need access to my phone as well as my current
> session.
>
> -Jeroen

I'm glad your bank considers your phone safe enough.  But do you?
Your bank puts the security of your money in your hands, which is fine
for them because it isn't their money.

Remember, messages going through the Internet to the phone company to
your phone aren't encrypted or otherwise protected.

- Eric "Sparks"




More information about the Fedora-infrastructure-list mailing list