Security Considerations for Two-Factor Distribution Avenues
Two-factor authentication messages can be delivered to our application users via a variety of devices. We are going to consider delivering the messages by cell phone, pager, and e-mail. With each of those devices we have to consider the security implications. Our preference will be to send the two-factor code to a cell phone or a pager. Only if those fail will we want to send the code to an e-mail address.
Security Issues with Two-Factor Delivery to E-Mail
E-mail in and of itself is a fairly secure application. It is password protected and it is usually well managed. However, the data is usually not protected in transit by encryption, and it is extremely easy to impersonate an e-mail ...
Get Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.