Payment Providers
Richard Huxton
dev at archonet.com
Fri Oct 2 11:27:27 BST 2009
Ovid wrote:
>
> OK, I give. That's two references to how insecure 3D secure is.
> Given that I know nothing about it other than the annoying fact that
> I've forgotten my password for it, could someone explain why its
> broken?
Well firstly you, I and *everyone* forgets their password. And then it
just lets you generate a new one. Which makes it meaningless even if 90%
of users didn't end up using "PAZZWORD" anyway.
Secondly - who's providing that 3d-secure form? How do you know it's
your bank and not someone collecting PAZZWORDs?
--
Richard Huxton
Archonet Ltd
More information about the london.pm
mailing list