Communications of the ACM

Home/News/New System Secures Cellphones For Web Transactions/Full Text

ACM TechNews

New System Secures Cellphones For Web Transactions

By Network World
December 9, 2011
Comments

View as: Print Mobile App Share:

Password less authentication (PLA) is an experimental two-factor authentication method designed to ensure the security of online transactions made via cell phones.

PayPal security architect Srikar Sagi says the technique involves the collection of authentication data over the Internet and carrier cellular networks, and corroborating that data to positively identify the person attempting to log into an account.

When logging in, users enter their username and PIN, which is transmitted through the Internet to a PLA server. A second authentication between a PLA app on the phone and the server then occurs without the user's knowledge. If successful, this authentication verifies that the person who knows the username and password possesses the same phone registered with the account.

Hacking into the account requires that the perpetrator steal someone's username, password, and phone. Sagi says there is only a very slim probability of this happening in view of the logistics of both stealing the login data and also determining victims' whereabouts to swipe their handsets.

From Network World
View Full Article

No entries found

New System Secures Cellphones For Web Transactions

Guaranteeing the Safety of Autonomous Vehicles

Autocorrect Is Not: People Are Multilingual and Computer Science Should Be Too

The Colossus