I recently received an interview about a passwordless login. It became a topic about the realization method of FIDO2. I explained the classification of hardware FIDO2 and software FIDO2. In addition, I explained that the method using smartphones is quite low in security due to the vulnerability of smartphones. There was a question from the...Continue reading
Category: Attack
Attack against Password recorded in Browsers
There is an auto-complete function that allows the browser to remember the password when logging in to a website or app. ACOT editor run one of free software for analysing his web browsers records in his computer. All his secret credentials are shown at a moment. Please be careful to use this function. There is...Continue reading
Attack against 2 Step Verification
Two-step authentication is a popular method of authenticating with the server by sending numerical values from the PC to the smartphone's email and SMS in the second step as well as the user name and password in the first step. The first step is authentication using the user's knowledge, and the second step is the...Continue reading