[WEB SECURITY] New two-stage login procedure

Brian Eaton eaton.lists at gmail.com
Wed Dec 13 12:46:48 EST 2006


On 12/13/06, Esteban Ribičić <kisero at gmail.com> wrote:
> a smarter would be:
>
> 1) user calls from a defined number (mobile) to a pbx
> 2) pbx checks any and asks for a code
> 3) pbx replies with a token
>
> user logs with this normal credentials (bank account and password) + token +
> "common pool of questions".
>
> it's not expensive...asterisk can do it.

Caller ID spoofing seems like a problem with this system:

http://www.securityfocus.com/news/9822

Regards,
Brian

