[WEB SECURITY] Jakob Nielsen's Stop Password Masking

Shawn K. Hall security at reliableanswers.com
Sat Jul 11 21:56:37 EDT 2009


> Two factor authentication.
>  
> What I have - Smart Card  / FOB
>  
> What I know - PIN
>  
> Even if there is shoulder surfing or keystoke logging, unless 
> they have physical possession of the smart card they cannot
> break in

Unless they have the ability to clone "what you have".



----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list