
Comment Re:Contradiction (Score 1) 30

Well, if they get compromised it shouldn't be a problem, as they don't store anything to do with your password. All decryption is done client-side.

If your computer has a keylogger or you're tricked into entering your LastPass password into a fake login page or something, then yes, you've just opened up all your passwords in one go.

Comment Re:What's the big problem? (Score 1) 675

The slowness is in the procedure more than system response.

With the old system I would swipe my card at any point while my purchases were being scanned, type in my PIN a second or two after and put away my card. When the total was ready I would confirm it.

Now I insert my card and have to wait until the bill is totalled before confirming the amount and typing my PIN. It does seem slower to respond, too, but it's mostly annoying because my card is sat in the machine for longer. This results in a much longer time that I'm holding my wallet in one hand, or have to put it away and get it out again.

Also it's never clear whether the card reader will accept it (some are still swipe-only, some claim to read the chip but fail, sometimes I'm asked if it is debit or credit before being told what to do).

I wouldn't mind if it was more secure but I've heard that the chip simply sends a confirmation that the PIN was correct, no unforgeable challenge/response design.

When I tried using Android Pay earlier this year, I had similar problems of terminals that claimed to support it but didn't, although recently it's been more reliable and I've used it as a fallback when chip+PIN fails to work correctly.

Chip+PIN should be more secure and should be as effortless as swipe+PIN, but right now it doesn't seem to live up to that.

Comment Don't some websites work this way? (Score 1) 116

Some website services require you to provide your password to some other site to work. For example, email filtering or some finance sites.

I know that when done correctly the site provides an authentication token, but the old-style approach was to just require you to provide your mail or bank's password.
