Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

PayPal's two-factor authentication is easily beaten, researcher says

Jeremy Kirk | Aug. 6, 2014
A security feature offered by PayPal to help prevent accounts from being taken over by hackers can be easily circumvented, an Australian security researcher has found.

But as with many online defenses, companies are often forced to make trade-offs between convenience and security, attempting to strike the right balance between safety and not alienating users locked out of their accounts.

Rogers has a record of finding problems in online services. Last month, he accepted a caution from police rather than face charges for discovering a vulnerability in the website of one of the country's public transport authorities late last year.

A database flaw within the website of Public Transport Victoria (PTV), which runs the state's transport system, allowed Rogers to gain access to some 600,000 records, including partial credit card numbers, addresses, emails, passwords, birth dates, phone numbers and senior citizen card numbers. Rogers notified the agency of the problem and did not try to profit from the information, but the incident was still referred to police.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.