As a supplement to my recent post on XSRF, and to give a more complete picture — if there is a lot of money at stake, or if we are paranoid (which is not so good, but not too bad either), we can always decide to use an additional, independent channel when authorising extra-sensitive operations.
Even better, this kind of approach should prove useful in defending against most of the attacks that aim to overcome authorisation controls in order to gain unauthorised access to sensitive data or to perform an unauthorised operation, like, say, wire-transferring all your money to a bank account somewhere over in the Caymans.
You may ask how we can be sure about the additional channel’s security. Well, it would be great if we could be sure about it, but usually we can’t. But that’s not the point. The point is that an additional, separate — and verified! — channel makes it much more difficult for an attacker to carry out their malicious activity, as they need to take over both channels in order to succeed (say, intercept an SMS message and inject their own in its place — although doable, it takes a lot of effort and money). Think of it as a way of re-authenticating before a security-critical task, but performed out of band.
And, of course, it’s not aiming at being so bulletproof that all the money in the world would not be enough to overcome it. It’s just too much of an effort and, after all, there are easier targets out there, so why bother.
On the other side, though, it’s an additional burden on the user, so I think what is most important here is to know when to apply this kind of control and when it’s too much.
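One way to build such a control, as an added example that is not code from the original post: the service issues a one-time code bound to the exact operation being confirmed (user, operation type, amount, destination), delivers it over a second channel, and accepts it only once, within a short window, and with a capped number of wrong guesses. The binding is what makes the channel worth having: a code read off an SMS for one transfer cannot be used to confirm a transfer whose destination was altered in the primary channel. The second channel is simulated here by appending to a list; the threshold, code lifetime and attempt limit are assumed policy values, and the IBAN and phone strings are constructed placeholders.

```python
"""Out-of-band (second-channel) confirmation of a sensitive operation.

Added example for this post, not the author's code. The second channel is
simulated by appending messages to a list; a real service would hand the
text to an SMS/push gateway instead (assumed interface: callable(destination, text)).
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 120      # assumed: a code expires after two minutes
MAX_ATTEMPTS = 3            # assumed: the challenge is discarded after three wrong codes
STEP_UP_THRESHOLD = 1000.0  # assumed policy: only transfers at or above this need the extra channel


@dataclass
class Challenge:
    op_digest: str        # ties the code to one exact operation (user, type, parameters)
    code_hash: bytes      # HMAC of the code; the plaintext code is never stored server-side
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


def operation_digest(user, op_type, **params):
    """Canonical hash of the operation the user is about to confirm."""
    canonical = "|".join([user, op_type] + [f"{k}={params[k]}" for k in sorted(params)])
    return hashlib.sha256(canonical.encode()).hexdigest()


def needs_step_up(op_type, **params):
    """Policy hook: decide when the extra burden on the user is justified."""
    return op_type == "wire_transfer" and float(params.get("amount", 0)) >= STEP_UP_THRESHOLD


class OutOfBandAuthoriser:
    def __init__(self, send, clock=time.time):
        self._send = send                       # second-channel delivery function
        self._clock = clock
        self._secret = secrets.token_bytes(32)  # keys the stored code hashes
        self._challenges = {}                   # challenge id -> Challenge

    def _hash_code(self, code):
        return hmac.new(self._secret, code.encode(), hashlib.sha256).digest()

    def start(self, user, destination, op_type, **params):
        """Issue a one-time code for this exact operation and send it out of band."""
        code = f"{secrets.randbelow(10**6):06d}"
        challenge_id = secrets.token_urlsafe(16)
        self._challenges[challenge_id] = Challenge(
            op_digest=operation_digest(user, op_type, **params),
            code_hash=self._hash_code(code),
            expires_at=self._clock() + CODE_TTL_SECONDS,
        )
        # The message repeats the operation details so the user can notice a
        # transaction that was altered in the primary channel before confirming it.
        details = ", ".join(f"{k} {params[k]}" for k in sorted(params))
        self._send(destination, f"Confirm {op_type} ({details}) with code {code}")
        return challenge_id

    def verify(self, challenge_id, user, op_type, code, **params):
        """Single-use, time-limited, operation-bound check of the submitted code."""
        challenge = self._challenges.get(challenge_id)
        if challenge is None:
            return False
        if self._clock() > challenge.expires_at:
            del self._challenges[challenge_id]
            return False
        # Reject when the operation being confirmed is not the one the code was issued for.
        if not hmac.compare_digest(challenge.op_digest, operation_digest(user, op_type, **params)):
            return False
        if not hmac.compare_digest(challenge.code_hash, self._hash_code(code)):
            challenge.attempts_left -= 1
            if challenge.attempts_left <= 0:
                del self._challenges[challenge_id]
            return False
        del self._challenges[challenge_id]      # success: the code cannot be replayed
        return True


# Constructed stand-in for the second channel: delivered messages are collected here.
sent_messages = []


def simulated_send(destination, text):
    sent_messages.append((destination, text))


if __name__ == "__main__":
    auth = OutOfBandAuthoriser(simulated_send)
    params = dict(amount=2500.0, iban="XX00 PLACEHOLDER")
    if needs_step_up("wire_transfer", **params):
        cid = auth.start("alice", "sms:constructed-number", "wire_transfer", **params)
        code = sent_messages[-1][1][-6:]        # what the user reads off the SMS
        print("confirmed:", auth.verify(cid, "alice", "wire_transfer", code, **params))
```

The `needs_step_up` hook is where the "when is it too much" question from the post lives: everything below the threshold goes through on the primary channel alone, so the extra round trip is only paid where the damage would justify it.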