Payment Providers

Richard Huxton dev at
Fri Oct 2 11:27:27 BST 2009

Ovid wrote:
> OK, I give.  That's two references to how insecure 3D secure is.
> Given that I know nothing about it other than the annoying fact that
> I've forgotten my password for it, could someone explain why its
> broken?

Well firstly you, I and *everyone* forgets their password. And then it
just lets you generate a new one. Which makes it meaningless even if 90%
of users didn't end up using "PAZZWORD" anyway.

Secondly - who's providing that 3d-secure form? How do you know it's
your bank and not someone collecting PAZZWORDs?

  Richard Huxton
  Archonet Ltd

More information about the mailing list