Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment HUD Windows? (Score 1) 75

The patent describes the HUD as being a transparent display over a hole/window in the device. I can't see that being very likely in the near future. Either the hole is too small to see much through, or the window takes up a big portion of the phone. You can't hold a small window up to the eye and still focus on the display, unless it uses some sort of lightfield display. AR isn't as simple as a see-through display.

Comment Re:Contradiction (Score 1) 30

Well if they get compromised it shouldn't be a problem, as they don't store anything to do with your password. All decryption is done client-side.

If your computer has a keylogger or you're tricked into entering your lastpass password into a fake login page or something, then yes, you've just opened up all your passwords in one go.

Comment Re:What's the big problem? (Score 1) 675

The slowness is in the procedure more than system response.

With the old system I would swipe my card at any point while my purchases were being scanned, type in my PIN a second or two after and put away my card. When the total was ready I would confirm it.

Now I insert my card and have to wait until the bill is totalled before confirming the amount and typing my PIN. It does seem slower to respond, too, but it's mostly annoying because my card is sat in the machine for longer. This results in a much longer time that I'm holding my wallet in one hand, or have to put it away and get it out again.

Also it's never clear whether the card reader will accept it (some are still swipe-only, some claim to read the chip but fail, sometimes I'm asked if it is debit or credit before being told what to do).

I wouldn't mind if it was more secure but I've heard that the chip simply sends a confirmation that the PIN was correct, no unforgeable challenge/response design.

When I tried using Android Pay earlier this year, I had similar problems of terminals that claimed to support it but didn't, although recently it's been more reliable and I've used it as a fallback when chip+PIN fails to work correctly.

Chip+PIN should be more secure and should be as effortless as swipe+PIN, but right now it doesn't seem to live up to that.

Comment Don't some websites work this way? (Score 1) 116

Some website services require you to provide your password to some other site to work. For example, email filtering or some finance sites.

I know that when done correctly the site provides an authentication token, but the old-style approach was to just require you to provide your mail or bank's password.

Slashdot Top Deals

An algorithm must be seen to be believed. -- D.E. Knuth