@dguido Thanks Dan. Great to see hardcore security folks embrace new concepts like this :).
-
-
-
@Authy Sorry guys, but tying together the two factors so I need to compromise only 1 is kind of goofy. -
@dguido What you mean tying the 2 factors? The bluetooth only gets the generated tokens not the keys. -
@Authy and generated tokens are what you need to login to the remote service, right? -
@dguido if someone compromised your Computer and they were able to connect to your phone via bluetooth they could get a valid token. -
-
@randomoracle@dguido True. Session should be encrypted and protected via channel binding http://www.browserauth.net/channel-bound-cookies … - 1 more reply
New conversation -
-
-
@dguido can be done, but not trivial nor with commodity hw: http://press.blackberry.com/press/2011/pressrelease-5162.html …Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@dguido you still have to have the phone. Meh, i think it’s pretty bad ass to be honest.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.