[WEB SECURITY] New two-stage login procedure
Brian Eaton
eaton.lists at gmail.com
Wed Dec 13 12:46:48 EST 2006
On 12/13/06, Esteban Ribičić <kisero at gmail.com> wrote:
> a smarter would be:
>
> 1) user calls from a defined number (mobile) to a pbx
> 2) pbx checks any and asks for a code
> 3) pbx replies with a token
>
> user logs with this normal credentials (bank account and password) + token +
> "common pool of questions".
>
> it's not expensive...asterisk can do it.

Caller ID spoofing seems like a problem with this system:
http://www.securityfocus.com/news/9822

Regards,
Brian