- security News Forums
- > New security initiative at PayPal
- > Nice idea but nullified by lost token procedure
Posting 
Philip Le Riche, Philip Le Riche
(1 posting since 09 Feb 2009)
Nice idea but nullified by lost token procedure 09 February 2009 16:57
According to Steve Gibson's Security Now podcast (transcript at
http://www.grc.com/sn/sn-182.htm) the additional security of the
Paypal token is completely wiped out by the customer services
procedure used if you loose it, which uses laughably weak
authentication of the caller.
Regards - Philip
- Threaded View
- Flat View
