Frank Knobbe wrote: <snip some suggestion with actual thought behind them by Frank>
You can make the authentication step as secure as you like (and granted, that's what the thread is about, and what the OTP asked for) but don't forget that the 0wner of your machine still has the option to take over your transaction(s) post-authentication.
BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/