On 11/8/10 4:25 , Tom Limoncelli wrote: > I'm not speaking officially for my employer, but please encourage your > non-technical friends to try these new features. They might not > understand technical issues about cookie hijacking, brute force > attacks, etc. but they intuitively understand "only people with my > cell phone can use my account".
Hm, I'm failing to understand how would a two factor auth prevent session/cookie hijacking? Once the attacker is in, he could turn off the two factor auth as easy as he can change the password, couldn't he? _______________________________________________ Tech mailing list [email protected] http://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
