[WEB SECURITY] New two-stage login procedure
kisero at gmail.com
Wed Dec 13 15:30:21 EST 2006
Well, its not easy spoofing anymore...besides its phone + key
(normally four digits one)
On 12/13/06, Brian Eaton <eaton.lists at gmail.com> wrote:
> On 12/13/06, Esteban Ribičić <kisero at gmail.com> wrote:
> > a smarter would be:
> > 1) user calls from a defined number (mobile) to a pbx
> > 2) pbx checks any and ask for a code
> > 3) pbx replies with a token
> > user logs with this normal credentials (bank account and password) + token
> > "common pool of questions".
> > its not expensive...asterisk can do it.
> Caller ID spoofing seems like a problem with this system:
More information about the websecurity