News Focus

Re: Big Papa bear post# 189155

Wednesday, 11/01/2017 12:15:08 PM


Post# of 235174
I don't know how else you can read it. It says it used to be OK, but now if you use the same device to do both, MFA/OOB is nullified.

It's pretty plain and simple.

I steal your phone, you have your banking info on "auto complete" (just for example). I have your phone, and your login info stored on it. I use Safari to log in to your bank, it sends OOB/MFA SMS, one time password, passphrase, code, etc. to THAT PHONE, I authenticate and I'm in. Effectively NULLIFYING the OOB/MFA by use of the same compromised device.

PCI now says that's not good enough. It needs to be a different DEVICE or have additional methods of authentication.


the authentication process should establish controls to guarantee that the individual attempting to use the authentication is, in fact, the legitimate user in possession of the authentication factor
