Google Authenticator for multi-factor authentication
Posted Dec 12, 2011 19:00 UTC (Mon) by BenHutchings
In reply to: Google Authenticator for multi-factor authentication
Parent article: Google Authenticator for multi-factor authentication
The implementation used in the UK (Visa calls this 'Verified by Visa'; I forget what Mastercard calls it) is even better: no dialog, but an IFRAME. Cardholders are expected to enter their 'secret' details into random shopping sites that embed a frame that probably comes from the payment network. This is literally indistinguishable from phishing, since most users cannot determine where the frame really comes from, and even if they can, a framing site can generally snoop on all interaction with a frame.