Phishing attack evades bank’s two-factor authentication | The Register
If nothing else, this serves as a reminder that security systems can only mitigate the risk of attack, not prevent it completely. Using a one-time password (OTP) as described here only reduces the attack vectors by limiting the time in which an attack can take place. Of course, adding mutual authentication to a system would further reduce the risk, as would enabling users to have more control over the authentication methods used.
This, of course, is the reason that “user-centric” identity methods have been developed, and in this area in particular the use of CardSpace can be seen to be of most advantage. I doubt that “phishing” will ever be completely eradicated, but the work taking place at the moment will go a long way towards helping users to avoid these situations in future.