On Wed, Apr 11, 2012 at 6:16 AM, Kevin Chadwick <[email protected]> wrote: > On Tue, 10 Apr 2012 22:10:01 -0400 > Jeffrey Walton wrote: > >> Two factor authentication using a cell phone was recently broken: >> "Two-channel breached: a milestone in threat evaluation, and a floor >> on monetary value", >> http://financialcryptography.com/mt/archives/001349.html > > That's not broken. If you don't use it as "Two Factor" aka defense in > depth then your just using it badly. "Two network" auth is how it should > be used but it still adds some defense even when incorrectly used just > on the phone as you'd need to either locally sniff sms traffic likely > requiring permissions bypass or decrypt the sms traffic in the air or > hack the Telcos network. All easier than you would think but still > it does add to security and in the face of single sign-on systems. Tell that to the folks who lost $45,000.
-- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
