Quote:
Originally Posted by FizzyWater
Okay, if I sign into my Chase account for the first time on any computer, it asks for second authentification (other than my main login ID and password). Unless I choose to let it remember me on that computer, it asks for it every time.
I just killed the cookies on my laptop and logged into the site. I got the attached screen.
If this isn't 2-step authentification, what is?
|
Email addresses are something you know, not something you have. Epic fail.
http://en.wikipedia.org/wiki/Multi-f...authentication
2-step != 2-factor
http://en.wikipedia.org/wiki/Two-step_verification
General rant.
Two-step authentication using a single factor means that the person developing the security protocol has missed the whole point altogether.
Google, for example, uses a proper two-factor authentication. You need something you know (username+password) AND something you have (phone).