Skip to Content.
Sympa Menu

assurance - Re: [Assurance] can two-factor be hacked ?

Subject: Assurance

List archive

Re: [Assurance] can two-factor be hacked ?


Chronological Thread 
  • From: David Walker <>
  • To:
  • Subject: Re: [Assurance] can two-factor be hacked ?
  • Date: Fri, 07 Mar 2014 17:28:59 -0800

Ultimately, I think we need savvier, less trusting users, despite how
hard that is to achieve. Technology can't do it all. If you can get a
user to trust you, it doesn't matter how they have to authenticate; you
can get them to do things they shouldn't.

David


On 03/07/2014 02:25 PM, Cantor, Scott wrote:
> On 3/7/14, 5:21 PM, "Farmer, Jacob"
> <>
> wrote:
>
>> Ah, that is not the direction I thought you were going to go with it.
>> Good suggestion, though.
>>
>> I was thinking using some kind of app to interact with the enterprise SSO
>> to help defend against this kind of behavior.
> Sure, I guess if you solve the "how do I trust the extension?" problem, I
> imagine you can go this route. It was historically much more onerous to
> get people to install add-ons, and of course the dominant browser 10 years
> back used native code as extensions. Now that's all webified, and it's
> much easier, but also less secure intrinsically. I was going to make a
> crack about how Chrome meets most of my defintions of malware...
>
> Ultimately if you can get people to use an add-on, you're presupposing
> some influence over their behavior that could be used to help with
> phishing to start with.
>
> -- Scott
>
>




Archive powered by MHonArc 2.6.16.

Top of Page