On Mon, 13 Mar 2017, Michael Rasmussen wrote: > A man in the middle or a man in the browser attack would ask the right > security questions. As soon as you provide the answers they'd put up some > fake error page and then bleed your account.
It is interesting that starting last week I'm no longer asked any of the security questions when I log in from the same host as before. I'm not convinced that this provides sufficient security, but there's nothing I can do about it. I would prefer that they send a 6-digit number to my cell phone each time I log in and have me enter that number to verify it's me. As some former president said, "trust ... but verify." Rich _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
