Phishing and Security Keys

Primitive forms of biometric authentication
While still a massive improvement over passwords alone, the “one-time passwords” on these dongles can still be intercepted and used by hackers.
Phishing pages can capture anything the user has to type in. This example has all the fields on one page, but more common is to split up identifier, password, and OTP onto separate steps.
With tens of thousands of retail branches in the US alone, there are lots of people who can potentially change the routing for a user’s cell phone number. That said, the scale of those attacks is still orders of magnitude smaller than relying on a password alone.
The Titan Security Key from Google is one example of a FIDO-compliant Security Key.
Everyone in the world versus everyone in your house; which would you choose?


Director @ Google; startup co-founder; former theater nerd. Biracial. He/him.

Mark Risher
