Wednesday, November 12, 2003
Authentication via Caller ID
SAINTlogin allows users to log in to a web site by dialing a phone number. The system uses Caller ID to identify the caller. The system will hang up after the first ring so the caller doesn't incur any charges. Interesting. I wonder if there are unintended consequences to this form of authentication? Clearly you're using your phone number as a security token. What happens if you lose your cell phone? If you use this token for secure web access, are the consequences as bad as if you lost a credit card? How quickly can you disable your phone number? How secure is Caller ID? How easy is it to spoof this system?