Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!
Privacy Policy

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Features

Details
Tags:

Single Factor Authentication, Continued

Partial Transmission of Passwords/PINs is a step up from the chocolate fire safe - maybe to a hard plastic one. Again, it is very vulnerable to phishing, social engineering of all sorts, and key loggers, which will get the information they want after two or three successful logins. Despite that, it is by far the most used method in online banking today. Effectively, all the data necessary to break the login will become available through attacks on the PC, and instantly available through phishing and social engineering.

Scrabble Pads are a joke! Here, the user looks for the alternative letter that is provided onscreen and enters it in the password box. Unfortunately, all the information required for reverse engineering the password or PIN is on this page. The hacker essentially "has the screen", and the letters that are entered, so where's the security? Take a closer look:

The Current Crop, Continued

My desktop Trojan with key logger and screen scraper says "thank you very much" to this sort of thing. It offers no resistance to phishing at all, as the password or PIN is the basis of the substitution, the 'cipher key' displayed onscreen.

And Virtual Keyboards are not much better...

The Current Crop, Continued

As above, my screen scraper can see every button click, irrespective of the 'cipher' that is passed to the server. This also offers no resistance to phishing at all, because if the user has given up the password/PIN, then the virtual keyboard is irrelevant.

More Stuff

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Most Read This Week

Over In The Forums

11ax or Wifi 6 Device density
11ax is supposed to address the problem of density.Does 11ax router really help if you have a whole house full of 11n 2.4ghz IoT devices?Personal expe...
RT-AC87U-Log file is getting bombarded with Successful Dropbear messages
Greetings.My log file is getting bombarded with successful Dropbear messages, everytime Home Assistant is checking on things (ssh is only open to LAN....
Small issue with Voxel VPN + Kamoj Addon
Hi All,Just a quick one. I have successfully installed the Voxel firmware for my R9000 using expressVPN.Everything actually seems to be working VPN wi...
RT-AC68P USB ports
My RT-AC68P has two USB ports, one each 2.0 and 3.0. I have two flash drives, one USB 3.0 and the other not 3.0. If I plug the 3.0 drive into the 2.0 ...
Openvpn server and client vpn simultaneously
i have an rt ac68u merlin firmware running a client vpn connected to a pay vpn service so all my devices are behind.On the router runs an openvpn serv...

Don't Miss These

  • 1
  • 2
  • 3