為什麼有了 Google Authenticator 還要使用實體的 Two-Factor Token?

如標題的問題,因為 token 可以將 secret key 實體隔離開。

可以讀看看最近這篇報導:「Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions」,其中這段:

To date, the researchers said, Eurograbber has infected more than 30,000 users and stolen an estimated 36 million Euros.

對於開發木馬的人,銀行服務算是「經濟效益」最高的「投資」...

用簡訊也有類似的問題,實體的 OTP 算是目前最能抵抗這類攻擊的方式了...

This entry was posted in Computer, Hardware, Murmuring, Security, Software and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>