I’m all in favor of this new version of authentication. The key issue to note is that while this will spoof keylogging, a successful ZeuS Trojan browser injection will trick the user into giving up the one time key. This out of band authentication compromise tactic was recently discussed by a research group working with APWG 2010 Thought Leader Dr. Laura Mather’s company Silvertail Systems.
The threat is blunted with efforts like this and I applaud this type of security integration to get us past passwords. Maybe Terry Zink or some other hotshots over at MSFT will shake down with the low down on how measurably adopted and effective this is.
What’s your view? Do you think we’ll get around passwords constantly being compromised through the use of further SMS text-based authentication?
Securing Our eCity Contributing Writer
Author ESET Research, We Live Security