Comment on Tutorial - The Failure of 2FA / Two-Factor Authentication By Bruce Schneier
Comment Added by : Joe Bloggs
Comment Added at : 2013-04-22 13:40:24
Comment on Tutorial : The Failure of 2FA / Two-Factor Authentication By Bruce Schneier
All true, but the 2FA that has been implemented for some years by my bank (Barclays) requires transaction details (e.g. amount and destination account number) to be keyed into the authentication token (which has its own keypad) and the signed response to be keyed into the website.
The token uses the crypto module on my bank card's chip, so is a relatively cheap device interchangeable which is between all of the bank's customers.
This mitigates against both trojans and MITM as it prevents the attacker from performing any malicious activity once logged in without somehow getting me to enter their chosen amount and account number into the signing device (albeit they can still view my account statements, which may also be undesirable).
I'm pretty sure that Barclays are not the only bank in the UK to adopt this approach, and would be surprised if other countries had not also followed suit. Of course, the US are still to adopt chips on bank cards, so are many years behind the rest of the world on this one.
View Tutorial
- Data Science
- Android
- AJAX
- ASP.net
- C
- C++
- C#
- Cocoa
- Cloud Computing
- HTML5
- Java
- Javascript
- JSF
- JSP
- J2ME
- Java Beans
- EJB
- JDBC
- Linux
- Mac OS X
- iPhone
- MySQL
- Office 365
- Perl
- PHP
- Python
- Ruby
- VB.net
- Hibernate
- Struts
- SAP
- Trends
- Tech Reviews
- WebServices
- XML
- Certification
- Interview
categories
Subscribe to Tutorials
Related Tutorials
Program using concept of byte long short and int in java
Update contents of a file within a jar file
Tomcat and httpd configured in port 8080 and 80
Count number of vowels, consonants and digits in a String in Java
Student marks calculation program in Java
Calculate gross salary in Java
Calculate average sale of the week in Java
Vector in Java - Sample Program
MultiLevel Inheritance sample in Java
Archived Comments
1. HI your explanation is absolutely correct but I am
View Tutorial By: Anil R. Chinchawade at 2010-07-28 02:02:01
2. dear sir/madam
I am using netbeans IDE 7.0
View Tutorial By: bangaram at 2011-07-19 12:03:04
3. I have error on "serversocket", vb.net h
View Tutorial By: stephen at 2012-07-14 19:40:03
4. Please let me know the SMSConnector number of any
View Tutorial By: Chandra Shekhar at 2009-04-01 00:21:54
5. welll program runs but fails at the statement wher
View Tutorial By: Aman Aggarwal at 2009-03-22 22:42:52
6. thanks buddy is's very nice and useful example
View Tutorial By: mayur at 2012-11-05 05:00:11
7. document.loginform.userName.focus();
return
View Tutorial By: Parthiban at 2014-07-21 08:03:00
8. hi.. all.. its working fine for me... thank u ver
View Tutorial By: Padmaraj at 2009-04-01 09:42:29
9. the tutorial is good and i am satisfied to it i wa
View Tutorial By: sheraz at 2011-11-07 02:08:55
10. yes simple good it wroking goog
View Tutorial By: durga prasad pavirala at 2009-02-11 03:43:04