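Why use a physical two-factor token when you already have Google Authenticator?

To answer the question in the title: because a token keeps the secret key physically isolated.

See this recent report, "Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions", and in particular this passage: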

To date, the researchers said, Eurograbber has infected more than 30,000 users and stolen an estimated 36 million Euros.

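For people who develop trojans, banking services are the "investment" with the highest "economic return"…

SMS has a similar problem. A physical OTP token is currently the approach that best resists this kind of attack…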
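
An added example (not from the original post) of why isolating the secret key matters: a TOTP code of the kind Google Authenticator shows (RFC 6238, HMAC-SHA1, 30-second step) is a pure function of the secret and the clock, so the place where the secret is stored is the thing that has to be protected. The secret below is the RFC 6238 test key, used as a constructed sample, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time) // step, digits)


def decode_enrolment_secret(b32: str) -> bytes:
    """Authenticator apps are enrolled with the secret as base32 text."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET_B32 = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def same_code_from_any_copy(b32: str, unix_time: float) -> bool:
    """Two independent holders of the same secret bytes derive identical codes.

    Nothing device-specific enters the computation: software that stores the
    secret in readable form offers no isolation, while a hardware token keeps
    the secret inside the device and only ever displays the derived code.
    """
    app_copy = decode_enrolment_secret(b32)
    second_copy = bytes(app_copy)  # e.g. a backup or any other readable copy
    return totp(app_copy, unix_time) == totp(second_copy, unix_time)


if __name__ == "__main__":
    now = time.time()
    print("current code:", totp(decode_enrolment_secret(SAMPLE_SECRET_B32), now))
    print("identical from any copy:", same_code_from_any_copy(SAMPLE_SECRET_B32, now))
```
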
