User: Password:
|
|
Subscribe / Log in / New account

Google Authenticator for multi-factor authentication

Google Authenticator for multi-factor authentication

Posted Dec 8, 2011 13:41 UTC (Thu) by epa (subscriber, #39769)
In reply to: Google Authenticator for multi-factor authentication by ekj
Parent article: Google Authenticator for multi-factor authentication

You're forgetting 'enhanced security' in some countries where a crappy dialogue box asks for your password. If you don't know the password, don't worry, you can reset it by providing your bank account number (embossed on card) and your date of birth (*not* on the card, but hardly a secret either).


(Log in to post comments)

Google Authenticator for multi-factor authentication

Posted Dec 9, 2011 15:53 UTC (Fri) by skitt (subscriber, #5367) [Link]

Some websites I place orders on now support an extra step, where my bank sends a one-time code to my mobile phone which I then enter to confirm the transaction. I don't know how widespread this is or what the determining factors are; I've seen it used with cards issued by various banks and via both Visa and MasterCard.

Wikipedia is your friend...

Posted Dec 9, 2011 16:04 UTC (Fri) by khim (subscriber, #9252) [Link]

It all explained in much details where usually such things are explained.

Wikipedia is your friend... or foe

Posted Dec 15, 2011 14:24 UTC (Thu) by gvy (guest, #11981) [Link]

Victor, just for the neutrality (pun intended): the technical articles on wikipedia might be reasonable (but that's not a given), while e.g. historical or national ones tend to get ugly and distorted by a strangely constant factor. You might be interested in [[VP:ISK256]] (translit back to Cyrillic) on ru.wikipedia.org.

Google Authenticator for multi-factor authentication

Posted Dec 9, 2011 16:26 UTC (Fri) by dlang (subscriber, #313) [Link]

the determining factor is if the website has opted to implement such a feature.

Google Authenticator for multi-factor authentication

Posted Dec 12, 2011 19:00 UTC (Mon) by BenHutchings (subscriber, #37955) [Link]

The implementation used in the UK (Visa calls this 'Verified by Visa'; I forget what Mastercard calls it) is even better: no dialog, but an IFRAME. Cardholders are expected to enter their 'secret' details into random shopping sites that embed a frame that probably comes from the payment network. This is literally indistinguishable from phishing, since most users cannot determine where the frame really comes from, and even if they can a framing site can generally snoop on all interaction with a frame.

Google Authenticator for multi-factor authentication

Posted Dec 13, 2011 7:10 UTC (Tue) by paulj (subscriber, #341) [Link]

So, for the UK, the thing to do is to just ignore the VbV password crap. Hit the "Forgot password" link every time, enter the card data, enter some long, random data for the new password - then forget that.

I don't know if there's causation, but after a couple of times of doing this, I now no longer get prompted at all anymore for a VbV password. ;)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds