
Author: delv
Published: 2014/1/20 7:48:22
Experiment: Alipay password is hard to crack; a verification code alone is not enough to steal it

Recently, a post titled "Lost your phone? Your Alipay is finished!" went viral on Weibo. The post claimed that if a lost phone is picked up by someone else, the payment password can be cracked using only the phone verification code and similar means. Alipay responded yesterday afternoon that there is no problem with Alipay's security. A Legal Evening News reporter tested the circulated claims and found that the post is not reliable.

A verification code alone cannot steal from Alipay

In addition to the phone verification code, obtaining the Alipay password also requires knowing the owner's ID card number. Anyone who is not an "acquaintance" who knows the owner's ID card number will be unable to withdraw money from Alipay.

▲ The reporter experimented with another person's Alipay account on a computer that had never logged in to that Alipay account; the page prompted for the ID card number (web page screenshot)

The incident

Can a phone verification code crack the Alipay password?

The Weibo post claimed that if Alipay is linked to a bank card and the phone is lost, whoever picks up the phone needs only the phone verification code to obtain the login password, remove the mobile digital certificate authentication, and obtain the payment password.

In response, at about 4 p.m. yesterday, Alipay posted a long Weibo message through its official account, signed "Hu Xiaoming, Chief Risk Officer, Small and Micro Financial Services Group".

Hu Xiaoming said, "If someone else really picks up your phone and wants to recover your Alipay password on another computer, he will definitely need a higher-security check such as 'phone verification code + ID card information'; it is absolutely impossible to recover your password with just a phone verification code."

Experiment

Step 1: Try to crack the password on a computer

Following the steps in the circulated post, the reporter logged on to Alipay on a computer that was not the reporter's own. After clicking "Forgot password", the page asked for the phone number and the computer verification code. After entering them, two options appeared: "phone verification code + ID card number verification" and "manual verification". The reporter clicked the former and found that the page required not only the phone verification code but also the ID card number; without the ID card number, "Next" cannot be clicked.

Step 2: Try to crack the password on the mobile client

On the computer it is impossible to continue without the ID card number, so how is verification done on the mobile client? On the mobile client, the reporter tried to log in to Alipay, which first asks for the gesture password. The reporter chose "Forgot gesture password", and a "You need to log in again" dialog box popped up.

After the reporter clicked it, the account login page appeared and asked for the login password. The reporter chose "Forgot login password", and the page offered three options for recovering the password: "phone verification code + document number", "through security questions", and "through manual service". The circulated post showed only the "phone verification code" method, not the three options the reporter encountered.

Step 3: Try to verify identity information

After the reporter chose the first option, the phone did receive a text message with a 6-digit verification code. After entering the code and clicking Next, the reporter reached the "Recover password" page, which then asked for the ID card number.

Clearly, without the owner's ID card number the operation cannot continue, and the remaining steps in the circulated post cannot be carried out either.

Step 4: Try to crack the password with no phone bound to Alipay

The reporter switched to another phone, unbound the phone from the Alipay account, and repeated steps 1 and 2. After the reporter chose "Forgot login password", the page said the remaining steps had to be continued on the web version of Alipay, which still required the ID card number and other information, so the password still could not be obtained.

Result: after a phone is lost, unless the finder is an "acquaintance" who knows the owner's ID card number, it is extremely unlikely that a stranger who picks up the phone can steal funds from the Alipay account.

Regarding the Alipay risks circulating online, Hu Xiaoming said the biggest problems are Trojans and phishing sites, especially on mobile phones; 99% of thefts are related to these, and the rest are cases of users being deceived, not lost phones.

To stay safe, Alipay said, after losing a phone you should first call the mobile operator to report the SIM card lost, so that it cannot be used for other purposes; second, if bank cards, Alipay, or similar services are bound to the phone, you should also promptly call those service providers to freeze the related services. You can also log in to the Alipay account from a computer and turn off the wireless payment switch, which completely disables payment on phones, iPads, and other wireless devices.



