Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

General Discussion

Krista H_Authentify

(1 post)

1. Not All Two-Factor Authentications are the Same

Reply to dixiegrrrrl (Original post)

Thu Jul 24, 2014, 03:01 PM

Jul 2014

Two-factor authentication is a solid security practice, but the techniques vary quite a bit. The OTP exploited by Emmental is obviously flawed because the hackers have redirected the OTP to themselves. An interactive second factor to authenticate the actual person POST-LOGIN like a voice biometric or fingerprint would have stopped some of the Emmental account hijacks. A phone call over the voice channel of the mobile phone repeating the actual transaction details, like “To send $5,000 to an account ending in Ivan666 do this… to cancel do that” would catch the end users attention if they were sending $50 to the electric company.

Edit history

Please sign in to view edit histories.

1 replies

= new reply since forum marked as read

Highlight:

Hackers bypass online security at 34 banks-can get past two-factor authentication [View all] dixiegrrrrl Jul 2014 OP

Not All Two-Factor Authentications are the Same Krista H_Authentify Jul 2014 #1