Ovid wrote: > > OK, I give. That's two references to how insecure 3D secure is. > Given that I know nothing about it other than the annoying fact that > I've forgotten my password for it, could someone explain why its > broken?
Well firstly you, I and *everyone* forgets their password. And then it just lets you generate a new one. Which makes it meaningless even if 90% of users didn't end up using "PAZZWORD" anyway. Secondly - who's providing that 3d-secure form? How do you know it's your bank and not someone collecting PAZZWORDs? -- Richard Huxton Archonet Ltd