Out-of-band security verification
March 16, 2010 Matthew Skelton
While registering just now for Amazon Web Services (AWS), we discovered an intriguing example of “out of band” security verification (where the “band” is the web):
1. Provide a telephone number
2. AWS provides a PIN on the website
3. Receive the call (within 5 seconds!)
4. Enter the PIN using the telephone keypad
5. Verification appears on the website 5 seconds later
This (almost) ensures that it’s a human interacting with the site, rather than a machine. CAPTCHA is broken, so relying on a working telephone number with voice prompts makes it much harder for spam-bots/machines to interact with the system like this.
In theory, this is analogous to other multi-band techniques, such as receiving a credit card PIN in the post, but the slickness, speed and effectiveness of the AWS approach are impressive.
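The five-step flow above seen from the server's side, as an added example that is not AWS's implementation or part of the original post. The class and method names, PIN length, expiry window and retry limit are all assumptions; placing the call itself is left to whatever telephony service reports the keyed-in digits.

```python
import hmac
import secrets
import time

PIN_DIGITS = 4        # assumed length; the post does not state it
TTL_SECONDS = 120     # assumed validity window
MAX_ATTEMPTS = 3      # assumed keypad retry limit


class PhoneVerifier:
    """Web band shows the PIN; phone band carries it back."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}      # session_id -> challenge dict
        self._verified = set()  # session_ids that passed

    def start(self, session_id, phone):
        """Steps 1-2: record the number, return the PIN to render on the page."""
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        self._pending[session_id] = {
            "phone": phone, "pin": pin,
            "expires": self._clock() + TTL_SECONDS, "attempts": 0,
        }
        self._verified.discard(session_id)
        return pin

    def keypad_entry(self, session_id, digits):
        """Steps 3-4: called by the telephony leg with the keyed-in digits."""
        ch = self._pending.get(session_id)
        if ch is None:
            return False
        if self._clock() > ch["expires"]:
            del self._pending[session_id]
            return False
        ch["attempts"] += 1
        # Constant-time comparison; the PIN never travels over the phone band.
        ok = hmac.compare_digest(digits.encode(), ch["pin"].encode())
        if ok or ch["attempts"] >= MAX_ATTEMPTS:
            del self._pending[session_id]   # single use, bounded guessing
        if ok:
            self._verified.add(session_id)
        return ok

    def is_verified(self, session_id):
        """Step 5: what the web page polls for."""
        return session_id in self._verified
```

The retry limit matters more than the PIN length here: with a short numeric PIN, it is the attempt cap and expiry that keep guessing over the keypad impractical.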

1 Comment
1. Matthew Skelton | September 21, 2010 at 3:50 pm
More out-of-band verification now with Google Apps – using a one-time code sent to a mobile phone:
http://www.computing.co.uk/computing/news/2270140/two-step-authentication-added