security of 3rd factor authentication.
2nd or 3rd factor authentication app.
2nd factor authentication of OTP by SMS is no longer
sufficient and adequate.
This app which runs on registered mobile,
must have an option like
I am incapacitated
Disable for 3 or 7 days.
This will disable login until the person
goes to bank in person and resets login
authentication once again from the bank.
We need to come out with a procedure for
emails re login after a online mugging.
OTP BY SMS HAS TO BE STOPPED ONCE AND FOR ALL
OTP CAN BE MUGGED EASILY
ONE CAN STEAL A MOBILE AND ALL OTP CAN BE LOST
SIM SWAPPED AND ALL OTP CAN BE LOST
WHATSAPP CALL ALL OTP CAN BE LOST
AND ONLINE AND OFFLINE MUGGING CAN BE ALL.
ALL banks and email software should have a authentication
app.
This app should not only accept inputs
to allow or decline
This should check the 3rd factor authentication
From which machine the login is attempting from.
IF the login is from a new machine,
the 3rd factor auth app should block
login from new machine
This app should send the cpuid to cybercrime.
First time auth is done from a regd mobile
when the app will log the cpu/device id
From second time, it will check the cpu id
from where the login is coming from
and allow only it comes from saved cpuid.
All other logins will be blocked automatically
and sent to cybercrime dept.
This 3rd factor authentication regd mobile app
should be given by all banks and email providers.
kindly do the needful.
THE 3RD FACTOR AUTH MOBILE APP
SHOULD HAVE AN OTPION THAT I AM INCAPACITATED
THIS CAN BE USED IN ONLINE MUGGING.
FOR PHYSICAL MUGGING, THE SAME APP WILL NOT ALLOW
LOGIN FROM NEW MACHINE WITHOUT BANK KNOWLEDGE.
LOGIN WILL BE ALLOWED FROM
1 PHONE
1 PC/LAPTOP ONLY
This should take care of online fraud.
OTP SMS should be removed once and for all.
This 3rd factor authenticating app could be the banks mobile app SW