Hacker News
by joshhepworth 5610 days ago
While I have used this kind of authentication before, I'm not intimately familiar with it. From the way Kincaid described it in the article, it seems the key is unique only to a general moment in time, not each log-in attempt (though it wouldn't be hard to imagine it being invalidated as soon as it was used).

If it is only a moment in time, I assume the phishing script could simply log in at the same time and hope the user has the "once per computer" setting enabled. Though this seems like too big of something to miss. Can anyone offer some clarification?