Comment Re:Imagine this... (Score 1) 647
Scenario 3:
What about the saucy pics I took of myself?
Scenario 3:
What about the saucy pics I took of myself?
RSA Security has a 2-factor OTP device in a credit card form-factor. It is very slick.
I work for RSA and you are absolutely correct. Attempting to authenticate twice with the same tokencode will automatically yield a rejection.
I believe the idea of this "real-time application" is that they see you typing in your passcode and zap that code into the authentication system before you do. The success of this hack is predicated on the notion that they are watching with baited anticipation, ready to spring into action the exact moment you sign into your online bank.
The chance of this actually occurring is highly remote, to say the least. The technique of racing ahead of a potential 2-factor authentication is compelling in theory, but of little practical use. If they're going to get into your bank, it has nothing to do with "defeating" Securid (or any other one-time display mechanism).
Suffice to say, this story is bunk.
yoiii.
"I've seen it. It's rubbish." -- Marvin the Paranoid Android