On Tue, 10 Apr 2012 22:10:01 -0400 Jeffrey Walton wrote: > Two factor authentication using a cell phone was recently broken: > "Two-channel breached: a milestone in threat evaluation, and a floor > on monetary value", > http://financialcryptography.com/mt/archives/001349.html
That's not broken. If you don't use it as "Two Factor" aka defense in depth then your just using it badly. "Two network" auth is how it should be used but it still adds some defense even when incorrectly used just on the phone as you'd need to either locally sniff sms traffic likely requiring permissions bypass or decrypt the sms traffic in the air or hack the Telcos network. All easier than you would think but still it does add to security and in the face of single sign-on systems. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
