

Cronto Introduces New Visual Transaction Signing Device - rdl
http://cronto.com/cronto-introduces-new-visual-transaction-signing-device-for-secure-online-banking.htm

======
rdl
This, IMO, is how you do two factor correctly (with a device; I still like
keys/certs as second factor, too).

Rather than a dumb token which just reports a number to be used in
authentication on your main display, this actually puts the relevant
transaction info on a secure screen for your review and approval. Otherwise,
it's really easy to spoof.

It's also superior to a plug-in USB "HSM-lite" or similar key device (like
OneID) because it's a simple hardware device and really easy to verify.

I emailed to figure out how to use this for non-banking authentication. I can
think of a lot of applications for which it would be great.

