Comment on Tutorial - The Failure of 2FA / Two-Factor Authentication By Bruce Schneier



Comment Added by : Joe Bloggs

Comment Added at : 2013-04-22 13:40:24

Comment on Tutorial : The Failure of 2FA / Two-Factor Authentication By Bruce Schneier
All true, but the 2FA that has been implemented for some years by my bank (Barclays) requires transaction details (e.g. amount and destination account number) to be keyed into the authentication token (which has its own keypad) and the signed response to be keyed into the website.

The token uses the crypto module on my bank card's chip, so is a relatively cheap device interchangeable which is between all of the bank's customers.

This mitigates against both trojans and MITM as it prevents the attacker from performing any malicious activity once logged in without somehow getting me to enter their chosen amount and account number into the signing device (albeit they can still view my account statements, which may also be undesirable).

I'm pretty sure that Barclays are not the only bank in the UK to adopt this approach, and would be surprised if other countries had not also followed suit. Of course, the US are still to adopt chips on bank cards, so are many years behind the rest of the world on this one.


View Tutorial



Subscribe to Tutorials

Related Tutorials

Program using concept of byte long short and int in java

Update contents of a file within a jar file

Tomcat and httpd configured in port 8080 and 80

Java File

Java String

Count number of vowels, consonants and digits in a String in Java

Reverse a number in Java

Student marks calculation program in Java

Handling Fractions in Java

Calculate gross salary in Java

Calculate average sale of the week in Java

Vector in Java - Sample Program

MultiLevel Inheritance sample in Java

Multiple Inheritance sample in Java

Java program using Method Overriding

Archived Comments

1. hi.I am new in j2me and really want to learn more.
View Tutorial          By: grace at 2010-10-25 10:40:32

2. I want java
View Tutorial          By: A.S.Vtihyatharan at 2009-12-01 03:25:36

3. This is very good Article. On high level I am anba
View Tutorial          By: Sandeep at 2010-08-27 00:40:22

4. It would be nice to add the line,


View Tutorial          By: Anonymous at 2009-08-30 07:59:10

5. thanks f0r this p0st... it heLped me much... keep
View Tutorial          By: martz at 2009-04-29 02:27:19

6. THNX RAMLAK..
HEY RAMLAK I HAVE A LOT OF DO

View Tutorial          By: Vinod at 2009-01-02 22:04:40

7. program is very long
View Tutorial          By: ajit kumar at 2012-04-21 03:57:13

8. 3. Write a program that will continuously ask for
View Tutorial          By: basil at 2011-08-04 13:00:30

9. SMSC number is the sms center no. put the sim to a
View Tutorial          By: Java MAn at 2012-01-28 19:08:23

10. what about (!isset)?? the isset with "!"
View Tutorial          By: bali web design at 2011-04-21 12:51:38