First us bank to add TOTP or WebAuthN and they're getting all my businesshttps://twitter.com/trailofbits/status/1141684025251303424 …
-
The disgusting aspect of this is one institution recently "improved" their login process to "only require username and password" where you "won't need to verify a personal image". Thanks, you're doing it wrong.
All the research I've seen said the personal image thing never worked anyway, and maybe even aided phishers in displaying legitimacy. They also lacked the randomness to function in more mass phishing campaigns where tens of thousands of accounts are targeted.
-
-
I thought the point of the personal image was to know that you, the end consumer were actually talking to your bank before entering your password? E.g. not some low-effort phishing site.
-
They don't work: https://ieeexplore.ieee.org/document/6894474 …
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.