Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Polls on the front page of Slashdot? Is the world coming to an end?! Nope; read more about it. ×

Comment: Re:Surely this is expected (Score 1) 49

by Eric S. Smith (#43017135) Attached to: Bypassing Google's Two-Factor Authentication

An application specific password is meant to be given to the application once and then never typed again, heavily reducing the chance of it being compromised.

If it's kept in persistent storage by the application, that actually increases the chance of it being compromised. Rather than logging keystrokes or peeking at RAM or man-in-the-middling the application in some way, you can just read a file.

"To take a significant step forward, you must make a series of finite improvements." -- Donald J. Atwood, General Motors

Working...