[WEB SECURITY] Jakob Nielsen's Stop Password Masking
Bil Corry
bil at corry.biz
Sun Jul 12 17:33:44 EDT 2009
Shawn K. Hall wrote on 7/11/2009 8:56 PM:
>> Two factor authentication.
>>
>> What I have - Smart Card / FOB
>>
>> What I know - PIN
>>
>> Even if there is shoulder surfing or keystoke logging, unless
>> they have physical possession of the smart card they cannot
>> break in
>
> Unless they have the ability to clone "what you have".
This is a somewhat recent example:
http://www.h-online.com/security/news/113126
- Bil
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
More information about the websecurity
mailing list