[WEB SECURITY] New two-stage login procedure

Brian Eaton eaton.lists at gmail.com
Wed Dec 13 12:46:48 EST 2006

On 12/13/06, Esteban Ribičić <kisero at gmail.com> wrote:
> a smarter would be:
> 1) user calls from a defined number (mobile) to a pbx
> 2) pbx checks any and ask for a code
> 3) pbx replies with a token
> user logs with this normal credentials (bank account and password) + token +
> "common pool of questions".
> its not expensive...asterisk can do it.

Caller ID spoofing seems like a problem with this system:



More information about the websecurity mailing list