[WEB SECURITY] New two-stage login procedure

Esteban Ribičić kisero at gmail.com
Wed Dec 13 12:22:23 EST 2006


Sorry... I mean ANI... bloody spell corrector!!

On 12/13/06, Esteban Ribičić <kisero at gmail.com> wrote:
>
> The problem with the SMS is they might not reach destination due to third
> party problems (carriers, etc.). I used that as a token for my company VPN
> system...
>
> A smarter way would be:
>
> 1) user calls from a defined number (mobile) to a PBX
> 2) PBX checks any and asks for a code
> 3) PBX replies with a token
>
> The user logs in with his normal credentials (bank account and password) + token
> + "common pool of questions".
>
> It's not expensive... Asterisk can do it.
>
> my 5p
>
>
>  On 12/13/06, Brian Eaton <eaton.lists at gmail.com> wrote:
> >
> > On 12/13/06, Brian Eaton <eaton.lists at gmail.com> wrote:
> > > They ask for three digits, so there
> > > are 1000 possibilities.
> >
> > <blush>
> >
> > I can't count.  They ask for three digits, but order doesn't matter.
> > Assuming they won't ask for you to enter the same digit multiple
> > times, there are 120 possibilities, not 1000.
> >
> > Whoops.
> >
> > Regards,
> > Brian
> >
> >
> > ----------------------------------------------------------------------------
> > The Web Security Mailing List:
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/archive/
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
> >
>
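The call-in flow from the message above (ANI check, spoken code, token, then login with normal credentials plus the token), sketched as an added example that is not part of the original thread or anyone's deployed system. `TokenPBX`, `handle_call`, `redeem`, `login`, the 6-digit token and the 120-second lifetime are all assumptions, and the "common pool of questions" step is left out.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 120  # seconds a token stays valid (assumed value)

class TokenPBX:
    """Models the PBX side: ANI check, code check, token issue."""
    def __init__(self, enrolled):
        # enrolled: {ani: (account, call_code)} -- constructed sample data
        self.enrolled = enrolled
        self.pending = {}  # account -> (sha256(token), expiry)

    def handle_call(self, ani, code, now=None):
        now = time.time() if now is None else now
        entry = self.enrolled.get(ani)
        # Caller ID can be spoofed, so the code is always checked as well.
        if entry is None or not hmac.compare_digest(entry[1].encode(), code.encode()):
            return None
        token = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[entry[0]] = (digest, now + TOKEN_TTL)
        return token  # read back to the caller over the phone

    def redeem(self, account, token, now=None):
        now = time.time() if now is None else now
        # pop() makes the token single-use, even when the guess is wrong.
        digest, expiry = self.pending.pop(account, (None, 0))
        if digest is None or now > expiry:
            return False
        return hmac.compare_digest(digest, hashlib.sha256(token.encode()).digest())

def login(pbx, passwords, account, password, token, now=None):
    """Web side: normal credentials plus the phone-issued token.
    The plaintext password dict stands in for the real credential check."""
    pw_ok = hmac.compare_digest(passwords.get(account, "").encode(), password.encode())
    tok_ok = pbx.redeem(account, token, now)  # consumed on every attempt
    return pw_ok and tok_ok
```
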