Comment on Tutorial - The Failure of 2FA / Two-Factor Authentication By Bruce Schneier
Comment Added by : Joe Bloggs
Comment Added at : 2013-04-22 13:40:24
Comment on Tutorial : The Failure of 2FA / Two-Factor Authentication By Bruce Schneier
All true, but the 2FA that has been implemented for some years by my bank (Barclays) requires transaction details (e.g. amount and destination account number) to be keyed into the authentication token (which has its own keypad) and the signed response to be keyed into the website.
The token uses the crypto module on my bank card's chip, so is a relatively cheap device interchangeable which is between all of the bank's customers.
This mitigates against both trojans and MITM as it prevents the attacker from performing any malicious activity once logged in without somehow getting me to enter their chosen amount and account number into the signing device (albeit they can still view my account statements, which may also be undesirable).
I'm pretty sure that Barclays are not the only bank in the UK to adopt this approach, and would be surprised if other countries had not also followed suit. Of course, the US are still to adopt chips on bank cards, so are many years behind the rest of the world on this one.
- Data Science
- Cloud Computing
- Java Beans
- Mac OS X
- Office 365
- Tech Reviews
Subscribe to Tutorials
1. Does your Siemens CX75 can show up as COM port dev
View Tutorial By: mchon at 2008-10-10 18:24:11
2. This solution worked like a charm, thank you. I ha
View Tutorial By: budfox at 2014-07-15 14:25:16
3. Plz show me how to use main method reccurssively p
View Tutorial By: Jyoti Bankar at 2011-07-14 10:31:53
4. my question is the same of sajjad.what about (!iss
View Tutorial By: hossain at 2012-04-26 04:28:56
6. how to multiply 2.54*0.7071 using only bitwise ope
View Tutorial By: vindya at 2012-01-12 07:23:08
7. A phone is considered a good phone if all of the f
View Tutorial By: harish at 2012-12-24 06:59:04
10. There is possible to include 2 conditions in for l
View Tutorial By: aarthi at 2012-12-10 12:08:50