[WEB SECURITY] Jakob Nielsen's Stop Password Masking

John Steer jtsteer at hotmail.com
Sat Jul 11 20:09:41 EDT 2009


Two factor authentication.

What I have - Smart Card / FOB

What I know - PIN

Even if there is shoulder surfing or keystroke logging, unless they have physical possession of the smart card they cannot break in.
 
> From: security at reliableanswers.com
> To: bil at corry.biz; michael at winterstorm.ca
> CC: websecurity at webappsec.org
> Date: Sat, 11 Jul 2009 15:43:20 -0700
> Subject: RE: [WEB SECURITY] Jakob Nielsen's Stop Password Masking
> 
> > > Rather than calling for the abandonment of masking, Nielsen
> > > (who has earned the respect that his voice carries) should
> > > be calling for alternate input methods that are resilient in
> > > the face of surveillance and afford higher usability.
> > 
> > Anyone know more about this technology?
> 
> Biometrics are a good example (fingerprint scanners and so forth).