undefined | Better HN

0 pointsdavis_m12y ago0 comments

In this model, all you have to do is time the authorization request appropriately. If an attacker can time their authorization at the same time that the user is logging in, a large number of users are simply going to authorize both requests thinking that it is some sort of glitch.

With the standard OTP model, a user physically can not enter their code for another user.

0 comments

markkum12y ago

Unfortunately there are several cases where users have entered an OTP code for another user. The recent high profile case was with World of Warcraft's OTP.

j / k navigate · click thread line to collapse

0 pointsdavis_m12y ago0 comments

With the standard OTP model, a user physically can not enter their code for another user.

0 comments

markkum12y ago

Unfortunately there are several cases where users have entered an OTP code for another user. The recent high profile case was with World of Warcraft's OTP.

j / k navigate · click thread line to collapse