
The article mentions "Matthew Prince protected his Google Apps account with a second code that would be sent to his phone—so the hackers got his cell account". It means the phone was not secure enough to protect these codes. A dedicated hardware token is more secure, but if you have to carry 10 devices on your keychain, this is annoying and not very elegant.


Matthew Prince is my boss and I know what happened there. He was not using the type of system I am talking about (based on the RFC) but a system that does a voice call or SMS.



