[thelist] High Security Password
Fred Jones
fredthejonester at gmail.com
Thu Dec 6 09:15:09 CST 2007
> Yes, this defeats the keylogger attack.
>
> ING has had this for a while.
Yep, that's my bank. :)
> I have wondered whether it is still
> possible to get the contents of that text box, because presumably the
> content of the box is your pin and not the letter-translated value.
Not correct.
> However, it seems odd that they wouldn't go the next step and store
> the translation algorithm in session and have the keypad output the
> translated value of your PIN into the box (which would then be
> translated back to your numeric PIN on the server).
The contents of the box are the letters, not the numbers--you can type
the letters from the keyboard if you want, instead of clicking on the
keypad--no digits are sent, just alpha.
F
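
The scheme discussed in this thread, as an added example that is not part of the original message and not ING's code: the server keeps a per-session digit-to-letter keypad, the browser submits only letters, and the server translates them back before checking the PIN. All function names, the PBKDF2 parameters and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string


def new_keypad(rng=secrets.SystemRandom()):
    """Per-session keypad: each digit 0-9 gets a distinct random letter."""
    letters = rng.sample(string.ascii_uppercase, 10)
    return dict(zip(string.digits, letters))


def pin_to_letters(pin, keypad):
    """What the user types or clicks: the letters shown on the keypad."""
    return "".join(keypad[d] for d in pin)


def letters_to_pin(submitted, keypad):
    """Server side: map letters back to digits using the session's keypad.

    Returns None if the input is empty or has a letter not on this keypad.
    """
    reverse = {letter: digit for digit, letter in keypad.items()}
    digits = [reverse.get(ch) for ch in submitted]
    if not digits or None in digits:
        return None
    return "".join(digits)


def hash_pin(pin, salt):
    # Assumed storage format: salted PBKDF2, never the raw PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def verify(submitted, keypad, salt, stored_hash):
    """Translate the letters, then compare hashes in constant time."""
    pin = letters_to_pin(submitted, keypad)
    if pin is None:
        return False
    return hmac.compare_digest(hash_pin(pin, salt), stored_hash)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    stored = hash_pin("4821", salt)          # constructed sample PIN
    keypad = new_keypad()                    # kept in the server session
    typed = pin_to_letters("4821", keypad)   # only these letters are sent
    print(typed, verify(typed, keypad, salt, stored))
    # Letters captured in one session are checked against a fresh keypad.
    print(verify(typed, new_keypad(), salt, stored))
```

Because the keypad is regenerated per session, the letters a keylogger records only translate to the right PIN under the mapping that was on screen at that moment.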