|
|
|
|
|
|
by btilly
5486 days ago
|
|
|
If he's cautious enough to do two-factor auth, he probably doesn't leave his accounts logged in. Suppose he uses http://googleblog.blogspot.com/2011/02/advanced-sign-in-secu... and has it remember the second authentication for 30 days (available from a checkbox). Then someone who has compromised his machine and has installed a keylogger can find it password, and log back in as him from that machine when he is not there. Two-factor has not saved you. Nor has the IP check. And yes, you're right. If someone owns your personal machine you have a whole lot of other problems. This fact makes discovering that someone owns your machine more important, not less. |
|
|