Two-factor authentication
Two-factor authentication
Posted Sep 2, 2011 23:12 UTC (Fri) by jonoberheide (guest, #71029)In reply to: Two-factor authentication by slashdot
Parent article: kernel.org compromised
Actually, our Duo Push authentication allows you to approve/deny individual transactions as you see fit, preventing the sort of session-riding attack that you're referring to.
For example, in the follow screenshot, you can see the exact command that an attacker is attempting to execute:
http://blog.duosecurity.com/wp-content/uploads/2011/04/pu...
Obviously, you would deny the attacker's attempted "rm -rf" here. ;-)
Regards,
Jon Oberheide