Quote:
Originally Posted by HarryT
This is perhaps why modern banking websites (mine at least) don't ask you to enter your complete password, but only selected letters from it. Information intercepted in such a way would not be sufficient to allow anyone to gain access to your account.
|
Kossowsky's Law of Network Security: If there is a legal way in, then there is an illegal way in.
If those few characters give
you access, they could give
not you access as well.
I've never seen the partial pwd thing you're describing, but it essentially sounds like a variation of a session key. ie, the few characters that work THIS time would not be the same few characters that work THE NEXT TIME, right?
ApK