The traditional way of doing this is a multiple-step handshake where neither party is entirely comfortable saying all of the information used to handshake until *after* the handshake has completed successfully, which is just terrible.
-
You can imagine extensions of this to authenticate e.g. bank agents when they call you. "Do you have your online banking open? Great. Hit the S key four times; you'll see a message saying that a banker needing to talk to you will be able to quote a number. Can you see that?"
-
Beats the heck out of "Call the number on the back of your credit card then ask for an internal transfer to Patrick on desk #63524 please."
-
This is still theoretically vulnerable to a bucket brigade attack: Someone intercepts the phone call, opens a new call to the target, gets them to complete the handshake, then exploits their authenticated connection.
-
This is *probably* difficult in practice given that methods of hijacking a phone number will generally make it impossible to call the victim, but could imagine it working in some situations (e.g. companies with multiple inbound numbers).
-
there's a 1/10 chance I guess the right number?
-
You know numbers go higher than 10 right?

-
Also susceptible to reality attack whereby the attacker hijacks the target's reality and simulates everything in the target's light cone until they've disclosed secret information. NOT SECURE!
-
I think at this depth of infiltration the attacker should be rewarded with the target's existence. Indeed I would probably be happy to forgo autonomy to a reality hijacking overlord. God, I'd call it.
-
Banks in Korea have been doing that for a while already to authenticate online transactions.