Thread: Cool new security features on Epassporte:)
View Single Post
Old 12-14-2007, 11:46 AM  
woj
<&(©¿©)&>
 
woj's Avatar
 
Industry Role:
Join Date: Jul 2002
Location: Chicago
Posts: 47,882
Quote:
Originally Posted by Why View Post
that feature is totally worthless and here is why...

i create a scam site and i get your username... so then i login with it.

then i see your secret image, and possibly your questions... so then i make a new scam site that re-creates both new security steps..

you come to my scam site again, and give me your secret answers, etc.

then i can go and login to your real account and steal everything inside....

sorry but that security feature is used by bank of america and its completely and utterly worthless, just makes stealing from you a bit harder, but if your stupid enough to not look for https connections and proper domains, this wont save you.

anyone with a nice bank account in switzerland or the likes will know what proper online banking security is like.
Also lets not forget that the "security question" thing is completely flawed... the way it is, anyone can bruteforce the questions first, and then type in the password... the way it should be in my opinion is that security question and the password should be entered at the same time on the same page...

but I guess lets not bitch too much, these changes are better than nothing...
__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager
woj is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote