Thread: 2014: The Year of the MEGA Data Breach
View Single Post
Old 10-20-2014, 05:00 PM   #18
eschwartz
Ex-Helpdesk Junkie
eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.eschwartz ought to be getting tired of karma fortunes by now.
 
eschwartz's Avatar
 
Posts: 19,421
Karma: 85400180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
Quote:
Originally Posted by FizzyWater View Post
Okay, if I sign into my Chase account for the first time on any computer, it asks for second authentification (other than my main login ID and password). Unless I choose to let it remember me on that computer, it asks for it every time.

I just killed the cookies on my laptop and logged into the site. I got the attached screen.

If this isn't 2-step authentification, what is?
Email addresses are something you know, not something you have. Epic fail.

http://en.wikipedia.org/wiki/Multi-f...authentication

2-step != 2-factor

http://en.wikipedia.org/wiki/Two-step_verification


General rant.
Two-step authentication using a single factor means that the person developing the security protocol has missed the whole point altogether.

Google, for example, uses a proper two-factor authentication. You need something you know (username+password) AND something you have (phone).
Last edited by eschwartz; 10-20-2014 at 05:06 PM.
eschwartz is offline   Reply With Quote