jump to navigation

NOTE: The spam filter is being unusually aggressive. If you comment does not immediately appear, it has simply been placed in moderation and I will approve it as quickly as possible. Thank you for your patience.

"Murphy was an optimist!"

Please allow your APIs to bypass 2 factor authentication – Mint and Paypal, I’m talking to you! August 16, 2011 1:15 pm

Posted by Doug McCaughan in : Security, Technology
, trackback

I use and love Mint.com. I use and love my Paypal security key. However, I cannot use the two together. Either I use mint.com without my paypal details (undesirable) or I lower the security on my Paypal account by deactivating my security key (undesirable).

Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two different kinds of evidence that someone is who they say they are.

[Source, Wikipedia]

What is desirable is the ability for to authorize certain applications to bypass 2 factor authentication in the same way that Google Accounts allows me to bypass their 2 factor authentication for applications that I trust. So, I should be able to go into my Paypal settings and say “trust mint.com without 2 factor authentication” and it would assign a key (guid, long string of characters, whatever) specifically for mint.com that effectively would be mint’s password into my Paypal account.

To make this work, would require cooperation between Mint and Paypal of course. To see this in practice, go to Google Accounts, turn on 2 factor authentication, then set up Gmail on an iPhone, Blackberry or Android. There’s the model.

See also: Google’s Getting started with 2-step verification for a demonstration of application specific passwords.

Comments after advertisement


no comments yet - be the first?