Phishing and Security Keys

Primitive forms of biometric authentication
While still a massive improvement over passwords alone, the “one-time passwords” on these dongles can still be intercepted and used by hackers.
Phishing pages can capture anything the user has to type in. This example has all the fields on one page, but it is more common to split the identifier, password, and OTP into separate steps.
With tens of thousands of retail branches in the US alone, there are lots of people who can potentially change the routing for a user’s cell phone number. That said, the scale of those attacks is still orders of magnitude smaller than when relying on a password alone.
The Titan Security Key from Google is one example of a FIDO-compliant Security Key.
Everyone in the world versus everyone in your house; which would you choose?

Mark Risher

Director @ Google; startup co-founder; former theater nerd. Biracial. He/him.