How to prevent unauthorized first-time TheGRID Beacon activation by a hacker who has already stolen username and password?
TheGRID Beacon typically goes through a first-time activation by
scanning a prompted QR code after installing the Beacon smartphone application.
To prevent unauthorized activation, the activation process can be
further secured by enforcing additional user verification on top of the QR
code scan. Examples below:
- Ask the user a verification question whose answer is not immediately available on the protected web application. For example:
  - do you normally make payment?
  - What is the answer to the secret question "xxx"?
  - What is your ATM / bank card number?
  - Enter the numbers printed on the back of your credit card.
  - Enter the code that has been posted to you.
- Send a verification code to the user via SMS, email, regular post mail or any other valid method, and prompt the user to enter the verification code after the QR scan.
- Obtain an activation code (one-time-use with expiry) from an ATM machine.
- Obtain an activation code (one-time-use with expiry) from a bank branch, IT department, helpdesk, etc.
- Send an alert notification to the user via SMS, email, regular post mail or any other valid method that Beacon has been activated on his account. Advise the user to call the bank/administrator/helpdesk immediately if he did not perform the activation.
- Combine one or more of the above.
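
The sketch below is an added example, not TheGRID's own code. It shows one way a server could combine three of the measures above: a one-time-use activation code with expiry, a check that the code is entered after the QR scan, and an alert notification once activation succeeds. The class name, the 10-minute expiry, the 3-attempt limit and the notify callback are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumed expiry window (10 minutes)
MAX_ATTEMPTS = 3        # assumed wrong-guess limit per issued code


class ActivationCodes:
    """Hypothetical server-side store for out-of-band activation codes."""

    def __init__(self, notify, clock=time.time):
        self._pending = {}     # username -> [code digest, expires_at, attempts_left]
        self._notify = notify  # callable(username, message): SMS, email, post...
        self._clock = clock

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, username):
        """Create a code to deliver via ATM, branch, helpdesk, SMS, etc."""
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[username] = [
            self._digest(code), self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS,
        ]
        return code

    def activate(self, username, qr_scanned, submitted_code):
        """Activate only when the QR scan AND a valid, unexpired code are present."""
        entry = self._pending.get(username)
        if not qr_scanned or entry is None:
            return False
        if self._clock() > entry[1]:          # expired: discard the code
            del self._pending[username]
            return False
        if not hmac.compare_digest(entry[0], self._digest(submitted_code)):
            entry[2] -= 1                     # count the wrong guess
            if entry[2] <= 0:                 # too many guesses: require a new code
                del self._pending[username]
            return False
        del self._pending[username]           # one-time use: the code cannot be replayed
        self._notify(username, "Beacon has been activated on your account. "
                     "Call your bank/administrator/helpdesk if this was not you.")
        return True
```

Because the code travels over a channel the password thief does not control, stolen credentials plus the QR prompt are not enough to activate a Beacon.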