Debunking another hacked authenticator story

Reader Comments (Page 1 of 1)

2-09-2010 @ 1:18AM

Stella said...

Robin - you're wrong about the 30 seconds rule. The authenticator code is valid for a short period of time after it cycles (and I presume a short period of time before it appears although there's no way to test that).

However that isn't a security hole because as soon as a valid code is entered, it then becomes invalid and cannot be used again. For example if I log in and then log out immediately, I need to wait for the authenticator code to cycle before I can log in again.

Not that any of this changes the validity of your article. I was just pointing it out.

Add your comments

Your comments:

Remember me

E-Mail me when someone replies to this comment

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.