Google Authenticator for multi-factor authentication
Posted Dec 9, 2011 1:23 UTC (Fri) by giraffedata
In reply to: Google Authenticator for multi-factor authentication
Parent article: Google Authenticator for multi-factor authentication
The signature is something you are, not something you know. It comes from too low a part of the brain to be in the same category as a password.
The system really doesn't rely on a semi-trusted point-of-sale agent; the retailer is about as untrusted as anyone by VISA, which is why he used to have to get an imprint of the card, and now has to swipe it through a reader. To prove to a large extent that the card was actually present. In addition, the retailer has to produce a signature that reasonably matches the one on the card, proving to some extent that the owner of the card was there too.
The only thing I've seen change since the early days is that for small transactions, someone - I don't know if it's Visa or the retailer - is now willing to take the risk of fraud in exchange for speed and convenience.
to post comments)