freakus_maximus Posted July 11, 2008 Share Posted July 11, 2008 Just wondering what/if experiences anyone has in putting together a two-step authentication, since CAPTCHA methods seem to be foiled even for some of the big guys (Google, Yahoo, etc..) If you don't know, a two-step is normally a something you know (like a PIN) and something you have (like your bank card). Or a token that generates a random 6 digits that need to be used with a PIN, for example PayPal ships out tokens. I even just read that Blizzard (World of Warcraft) is going to sell tokens to do this two-step authentication to help avoid account hacks. That's all great for a bank or any other big money making machine. But if you dont have the clients, the income or even the need to sell/distribute tokens then what can you do. So, what do you think of a 2-step authentication that would implement a PIN and CAPTCHA? My thoughts were that if the bots can bust the CAPTCHA, why not involve something the bots can't know (the pin). And yes I know, nothing can be done about trojan/keylogging/phising scams. These are user/behavioural issues that you can only do so much education about. Really talking more about bots vs. CAPTCHA. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.