Julia HUGHES @Token2

User


Transforming the IT landscape at a bank

Sorry if this is off-topic, but how is Rosbank's internet banking set up? Is there two-factor authentication? It's not entirely clear from the website.

Modern identity standards: OAuth 2.0, OpenID Connect, WebAuthn

If you are going to mention OAuth and WebAuthn in one article, then you should say something about OATH as well.

Programmable hardware TOTP tokens with time synchronization

A belated update: the Molto-1 model lets you set such a password.
www.token2.com/shop/product/token2-molto-1-multi-profile-totp-hardware-token

TOKEN2 Molto-1, world's first multi-profile TOTP hardware token

Hello. Our NFC APDU documentation is ready and can be shared once an NDA is signed. Let us know if you are still interested.

TOKEN2 Molto-1, world's first multi-profile TOTP hardware token

Thanks for your interest. We are supporting open source, but the situation is a bit different when it comes to hardware, our management may need to decide.

The DLLs will be provided upon signing the NDA, but they are currently under development; we will finalize them by the time you get your products delivered (in about a month).

TOKEN2 Molto-1, world's first multi-profile TOTP hardware token

Hi, no plans for Linux (yet), but we will think about that. We can share the NFC burner DLL with API/SDK, but this will most probably allow creating another Windows app, not Linux.

Google informs users about a vulnerability with their Titan Security keys

This is not really Google's device. Only the “firmware is developed by Google to verify its integrity”, which appears to have been just a phrase for media; as a result, the same vulnerability affecting Feitian MultiPass affects Titan as well.

C301 and miniOTP-3, new programmable tokens from Token2

PTM Thanks a lot for the feedback. We actually did provide that info in the previous blog posts, but to make it easier to access, I have added the background info to this post (as spoilers).

Programmable TOTP tokens in a key fob form-factor

No time sync with this model. We have unrestricted* time sync feature with miniOTP-2 and are planning restricted** time sync with the next generation (C301 and miniOTP-3).

Linux version not available (yet). Currently only Android and Windows (10 64x) apps are planned to be released.

* the time can be set keeping the current seed
** setting the time will automatically clear the seed for security purposes (to avoid the risk of a replay attack)

Programmable TOTP tokens in a key fob form-factor

The data transferred is the shared secret key (seed) used for TOTP generation (see tools.ietf.org/html/rfc6238#page-4 R5). This is needed for services that do not allow entering a custom seed, where the only solution is to use a TOTP mobile app (like Google Authenticator).
NFC programmable TOTP tokens are "drop-in" replacements of the Google Authenticator-type applications.

Programmable TOTP tokens in a key fob form-factor

'Tamper evident' means that it is not possible to discreetly open the case and access the chip, and has nothing to do with "secret NFC commands" (wiki, 'Tamper evident': "designed to reveal any interference with the contents").
NFC can only be accessed from a relatively small distance (2-3 cm max), so users worrying about "secret NFC commands" should keep their devices with them all the time.

start talking about open source.
What would open source change in this case? Having the code open does not mean nobody can add a feature to read the seed; it is indeed the opposite, it will increase such risks.

Programmable TOTP tokens in a key fob form-factor

Hello, thanks for your interest.
No partners in Russia yet, but we can ship directly via Swiss Post or Express delivery (Fedex/UPS/DHL). So far clients in Russia had no issues with smaller parcels. However, with larger orders, customs causes headaches a lot.

Notes of a phytochemist. Persimmon

In the no less brotherly French language, this fruit is called "kaki".

How do you like that, Elon Musk: BMW and Porsche have developed a charger that adds 100 km of range in 3 minutes

Well, I don't know, that is how it seemed to me; admittedly, neither language is native to me.

How do you like that, Elon Musk: BMW and Porsche have developed a charger that adds 100 km of range in 3 minutes

Preserving the meaning: "can jolt electric vehicles in less than 3 Minutes with enough power to drive 100 kilometers"

How do you like that, Elon Musk: BMW and Porsche have developed a charger that adds 100 km of range in 3 minutes

It is a matter of word order there; I am quoting it unchanged: “power to drive 100 km in less than 3 Minutes”

How do you like that, Elon Musk: BMW and Porsche have developed a charger that adds 100 km of range in 3 minutes

If you feel like nitpicking the journalists' text, then in both versions one could think it is about speed :): "drive 100 km in less than 3 minutes"

Credit Suisse and UBS banks accused of a coordinated boycott of Apple Pay and Samsung Pay

The simplification is not in the payment process; it is simpler to set up an account.

Credit Suisse and UBS banks accused of a coordinated boycott of Apple Pay and Samsung Pay

TWINT also works with a fingerprint and over BLE. But with TWINT you do not need to link any card; you can link it directly to bank accounts. And you can pay on (local) websites simply by scanning a QR code, etc.
