[WEB SECURITY] Jakob Nielsen's Stop Password Masking

Bil Corry bil at corry.biz
Sun Jul 12 17:33:44 EDT 2009

Shawn K. Hall wrote on 7/11/2009 8:56 PM: 
>> Two factor authentication.
>> What I have - Smart Card  / FOB
>> What I know - PIN
>> Even if there is shoulder surfing or keystoke logging, unless 
>> they have physical possession of the smart card they cannot
>> break in
> Unless they have the ability to clone "what you have".

This is a somewhat recent example:


- Bil

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn

More information about the websecurity mailing list