Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Notices by Caroline (caroline@hessen.social)

Embed this notice
Caroline (caroline@hessen.social)'s status on Thursday, 08-Aug-2024 17:54:35 JST Caroline
in reply to
- kaia
- Didek
- Fell
@didek @fell
Securely displaying transaction information on the authenticator protects against malware: When you are about to transfer money, a man-in-the-browser malware could change the recipient account and amount, but manipulate what you see in your online banking session, so you won't see it. If you approve this transaction with a standard authenticator, you have no chance to detect the attack. #2fa #infosec #FIDO2 #bank
@kaia

In conversation Thursday, 08-Aug-2024 17:54:35 JST from hessen.social permalink
Embed this notice
Caroline (caroline@hessen.social)'s status on Thursday, 08-Aug-2024 17:54:35 JST Caroline
in reply to
- kaia
- Didek
- Fell
@didek @fell
That's right, it's because of the requirements imposed by European regulation #psd2. There doesn't exist any standard for #2fa allowing for displaying transaction information in a secure way on the authenticator. No, not even #FIDO2 solves this! (It used to, with #WebAuthn 1, but that part of the spec was never implemented by browsers, so abandoned in Webauthn 2.) #bank #infosec @kaia

In conversation Thursday, 08-Aug-2024 17:54:35 JST from gnusocial.jp permalink

User actions

Information Security, AI, Cyber*, Bank, 2FA, mdRzA, Frankfurt, Bad Vilbel, Demokratie, FckAfD.

Tags

(None)

Following 0

Followers 0

Groups 0

Statistics

User ID: 275280

Member since: 8 Aug 2024

Notices: 2

Daily average: 0

Feeds

Atom