|
|
|
|
|
|
by tptacek
6585 days ago
|
|
|
I'm not sure I see how that follows. But to reify this a bit, do a little Google research on what the banking industry is dealing with regarding multifactor authentication. Nothing they are trying is working, and they're doing considerably more than Javascript hashing. The schemes being discussed here are being attacked, successfully. |
|
|
By the same token, some hackers capable of cracking do so, though they, in some sense of the word, really shouldn't.
We're thinking about security from two different standpoints. If I lock my door, but my glass window has no bars, I'll still say it's more secure than a house with a door open. The issue, for me, is less that someone can, but whether someone will. If I make it harder for someone to mess with me, maybe they won't.