Communications of the ACM

ACM TechNews

New System Secures Cellphones For Web Transactions

Passwordless authentication (PLA) is an experimental two-factor authentication method designed to ensure the security of online transactions made via cell phones.

PayPal security architect Srikar Sagi says the technique involves collecting authentication data over both the Internet and carrier cellular networks, then corroborating that data to positively identify the person attempting to log into an account.

When logging in, users enter their username and PIN, which are transmitted through the Internet to a PLA server. A second authentication between a PLA app on the phone and the server then occurs without the user's knowledge. If successful, this authentication verifies that the person who knows the username and password possesses the same phone registered with the account.

Hacking into the account requires that the perpetrator steal someone's username, password, and phone. Sagi says the probability of this happening is very slim, given the logistics of both stealing the login data and determining victims' whereabouts to swipe their handsets.

From Network World

Abstracts Copyright © 2011 Information Inc., Bethesda, Maryland, USA
