Comments on: Two-Factor Part II – OpenID, VeriSign PIP and PhoneFactor http://www.claritech.ca/2009/11/two-factor-ii/ Information technology made simple. Fri, 01 Jul 2011 21:17:04 +0000 hourly 1 http://wordpress.org/?v=3.1.3 By: Dave Boden http://www.claritech.ca/2009/11/two-factor-ii/comment-page-1/#comment-95 Dave Boden Fri, 25 Dec 2009 19:58:32 +0000 http://www.claritech.ca/?p=191#comment-95 Good article. It's a massive shame that UK mobile networks are charging too much so PhoneFactor don't support mobiles in the UK :( Seems like a very good idea. Many of these 2 factor solutions allow a hacker access by just using your email address and password (which can both be keylogged) if the hacker claims that "I've lost my secure token". I've documented the problem with VeriSign PIP here and suggested how it could be tackled to make a solution robust enough for online banking: http://www.daveboden.com/Home/openidissues Good article. It’s a massive shame that UK mobile networks are charging too much so PhoneFactor don’t support mobiles in the UK :( Seems like a very good idea.

Many of these 2 factor solutions allow a hacker access by just using your email address and password (which can both be keylogged) if the hacker claims that “I’ve lost my secure token”. I’ve documented the problem with VeriSign PIP here and suggested how it could be tackled to make a solution robust enough for online banking:

http://www.daveboden.com/Home/openidissues

]]>