Quote:
Originally Posted by Yoshi63
None of this is a HUGE deal, and I'd still consider the FTP tokens to be a large improvement in security and should cut down on the hackings by a ton. But I would consider them slightly less secure than the stars RSA.
80 out of a million is very safe. You'd need at least 500 tries to have a slight chance of hitting it. I'm assuming FT has some security process built-in that stops people from one address whiffing more than 10 times; particularly because you only get to that stage after entering the regular username (/email) and password. So we can be pretty sure it's a hacker by then.
But I would assume that the software would lock you and your IP out for at least 24 hrs.
Well, they probably don't have this but they should. Well, maybe they have something like it.
In any case, this token stops people who don't have (or ever had) the physical token from getting into your account, 99.9% of the time, and 99.99999% (or whatever) of the time if they only allow 10 tries.
So my second point is that the RSA token may be more secure but not any better in the real world and possibly more expensive, and more error-prone.