RE: Feasibility of authentication without transcribing



From: Alastair Campbell [mailto:acampbell@nomensa.com]
Sent: Tuesday, November 28, 2017 5:16 PM

The first thing that occurs to me is that we need a registration exception, as it requires a long password, and a 4 digit pin to setup the mobile app, and/or an 8 character code for setting up SMS.
[Jason] I am not a security specialist, but I understand that the use of SMS in multi-factor authentication schemes is considered insecure and not to be a recommended practice.

________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________

Received on Wednesday, 29 November 2017 00:17:34 UTC