[security] [dix] Re: Gathering requirements for in-browser OpenID support
Chris Drake
christopher at pobox.com
Sat Oct 28 14:00:44 UTC 2006
BL> 2 factor auth gets you nowhere if the underlying protocols don't
BL> protect you from MitM.
What he *means* of course - is that 2-Factor auth solves pretty much
every security problem users are likely to face in the wild
(especially the most common and dangerous - phishing) - with the
*exception* of Man-in-the-middle attacks, in some circumstances.
It certainly doesn't "get you nowhere" - it almost always gets you
exactly to where you want to be.
Kind Regards,
Chris Drake
More information about the general
mailing list