WebApp Sec mailing list archives

RE: Proposal to anti-phishing

From: "WebAppSecurity [Technicalinfo.net]" <webappsec () technicalinfo net>
Date: Fri, 14 Jan 2005 16:41:00 -0000

That's two-factor you're talking about - not two-phased

-----Original Message-----
From: Don Tuer [mailto:don.tuer () cgi com] 
Sent: 14 January 2005 15:28
To: 'Rafael San Miguel'; webappsec () securityfocus com
Cc: Enrique.Diez () dvc es
Subject: RE: Proposal to anti-phishing

Two phased authentication is good for security but some 
obvious disadvantages include:

      - Cost of hardware tokens
      - Cost of distribution
      - Cost of managing hardware
      - Complexity and user training

      Also will the user need to return their token for 
replacement if they forget the PIN?

Thanks
Don

Current thread:

Proposal to anti-phishing Rafael San Miguel (Jan 14)
- RE: Proposal to anti-phishing Don Tuer (Jan 14)
  - Re: Proposal to anti-phishing Rishi Pande (Jan 15)
  - RE: Proposal to anti-phishing RSnake (Jan 15)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 16)
    - RE: Proposal to anti-phishing Frank Knobbe (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 19)
    - RE: Proposal to anti-phishing Sam Koh (Jan 23)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 19)
  - RE: Proposal to anti-phishing WebAppSecurity [Technicalinfo.net] (Jan 15)
  - Re: Proposal to anti-phishing Rogan Dawes (Jan 15)
- Re: Proposal to anti-phishing Rogan Dawes (Jan 15)
  - RE: Proposal to anti-phishing Lyal Collins (Jan 16)
    - Re: Proposal to anti-phishing Moksha Faced (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 19)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 19)
  - Re: Proposal to anti-phishing Rob Skedgell (Jan 19)
    - Re: Proposal to anti-phishing Cory Foy (Jan 23)
- Data sanitization approaches in Java Benjamin Livshits (Jan 15)

(Thread continues...)