User: Password:
|
|
Subscribe / Log in / New account

Google Authenticator for multi-factor authentication

Google Authenticator for multi-factor authentication

Posted Dec 12, 2011 19:00 UTC (Mon) by BenHutchings (subscriber, #37955)
In reply to: Google Authenticator for multi-factor authentication by epa
Parent article: Google Authenticator for multi-factor authentication

The implementation used in the UK (Visa calls this 'Verified by Visa'; I forget what Mastercard calls it) is even better: no dialog, but an IFRAME. Cardholders are expected to enter their 'secret' details into random shopping sites that embed a frame that probably comes from the payment network. This is literally indistinguishable from phishing, since most users cannot determine where the frame really comes from, and even if they can a framing site can generally snoop on all interaction with a frame.


(Log in to post comments)

Google Authenticator for multi-factor authentication

Posted Dec 13, 2011 7:10 UTC (Tue) by paulj (subscriber, #341) [Link]

So, for the UK, the thing to do is to just ignore the VbV password crap. Hit the "Forgot password" link every time, enter the card data, enter some long, random data for the new password - then forget that.

I don't know if there's causation, but after a couple of times of doing this, I now no longer get prompted at all anymore for a VbV password. ;)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds