amigan_99
asked on
PCI Question: One Time Passwords and Two Factor Authentication
Some of my secure online web sites have me request a one time password which can be sent as a text message to my phone, sent to an email account or heard via telephone robot. Then to access the site in question you enter your name password and the one time password. This appears to be a type of two factor authentication also. It would seem superior to manage to a smart card in that smart cards break, get out of synch etc. Everyone pretty much already owns a smart phone (or is afforded one from their company).
From a PCI perspective would username, password plus this type of One Time Password count as two factor?
From a PCI perspective would username, password plus this type of One Time Password count as two factor?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER