On Wed, Apr 8, 2015 at 11:27 PM, Ed Gould <[email protected]> wrote:
> http://www.techworld.com/news/security/is-this-future-of- > online-security-why-uqontrol-thinks-its-qkey-is-different- > 3605719/?no1x1&utm_source=Digest&utm_medium=email&utm_ > term=image&utm_content=image&utm_campaign=Digest3103 > > > Using the Qkey to buy something from a website requires first inserting > the device into any Windows PC (Mac support is promised), firing up the > secure browser after entering a strong master password (factor one). Users > next choose a card from the digital wallet interface after which a one-time > PIN is sent to them via mobile device (factor 2). After entering the PIN, > the key must be physically tapped to confirm payment (factor three). > > I have something vaguely similar called a Yubikey (available on Amazon). It is only supported, so far, when used with Google Chrome. But it works on Window s , Mac, and Linux now . And the API is documented so that others can use it. I don't know if there is any licensing involved. So the web site needs to implement the API in it's sign on page. So far, I've only found Gmail and GitHub using this, and it is optional. In addition the same API can be used with a Smartphone app called "Google Authenticator" which generates a one-time token which is (1) only useful once and (2) only useful for about 1 minute, whereupon it generates and displays a _different_ token. You could also set it up to SMS message your phone with the token value. -- If you sent twitter messages while exploring, are you on a textpedition? He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
