 @troopyeyes I don't understand why you think you've listed 10 - 20 failures. AFAICT all you have done is repeat the "I lost my phone" thing, which can be addressed with the second phone or printed codes.


Just as importantly, you can also lose your phone when using CryptoPhoto, so all the issues surrounding that apply to CryptoPhoto as well. Also note that CryptoPhoto does *NOT* solve all problems. In particular, it doesn't protect you against Trojans.


Looking through their website, I really don't think that they do all the things they claim. For example, they say "Potential victims cannot be tricked into revealing passwords" but this is not correct unless their video is wrong. The video shows you entering the password before you see the photo. A proper anti-phishing system would have you first enter your login, then show you a photo, and THEN you enter the password. Furthermore, I am not convinced that with CryptoPhoto the photo cannot be intercepted. If the bad guys mount a man-in-the-middle attack, they can take whatever photo they got from CryptoPhoto and forward it to the user. There are other ways to do the photo thing which work well from a computer you own, but I need to think more to see a good solution for when the user is at an Internet Cafe.

2 years, 8 months ago on Two-Step Verification Dances Around the Issue