this morning at eleven o 'clock, tecent science and technology and the release of the emergency! Alipay thrilling major vulnerabilities, acquaintances can be easily tampered with your password "popped the loopholes in pay treasure, the article acquaintances can tamper with the user's password, one hundred percent, and even strangers successful change also has a chance of 1 / / 81.
tencent's science and technology in this paper, we show that the login password select "forgot password", select text messages "unacceptable" in open interface, can enter a choice "may know" friends of the image authentication interface.Choose before entering a right choice "taobao bought" validation of the interface, two validation step is from 9 choose one picture.Thus, tencent technology journalist thought, strangers to tamper with the password success rate is 1/81.
curiosity heavy business hemp seen after is ready, we cheat a friend, by the way, too.So I locked a friend, and in the login screen enter her phone number, click on the "forgot password".
reset login password in the pop-up interface automatically fill in the mobile phone number just now, click "next".
open interface display has been sent to the mobile phone number verification code.This account owner not alarmed?No matter, continue to say again first.
click on the "unable to receive SMS", arguably, the next step is to verify that someone may know.
etc...What the hell add bank card?This is different from the tencent technology said.Why somebody else shows the validation images, I am the card verification?
hear alipay validation way is random.Well, I had a bad luck, in a person to try again.
the same steps, that plays out is to brush face authentication, the password can't also change.
so repeatedly tried half a dozen phone number, there is still no pop-up I want images validate interface.This matter will not be unfounded, and try again.
look at paying treasure to a few friends, sucking ma decided to take his operation, after all acquaintances have finished each.Though with his own test will feel very strange, but my heart is steadfast.But, more importantly, shows the selection "option might know" interface, everything comes to him who waits!
the question, why use own the verification can be authenticated acquaintances changed my secret?Murphy alipay also know who is in use?Of course not possible.
this noon, weibo certified as "ant gold security center official weibo" ant SHIELD release weibo "pay treasure for security response policy adjustment notification".In the weibo clearly explains the ins and outs of this way of verification.
this way is to first of all, we must do exist, but only under certain circumstances, pay treasure will assess risk control system, only in the case of higher safety coefficient can enable this way of verification.Such as stopping the flax withdrew from his account for the password back, before and after the use of mobile devices, are all the same, the system is considered safe coefficient is high, and friends of the account has never been in business hemp landing on your mobile phone, safety coefficient is low, you won't get acquaintance to the certification.
pay treasure to acknowledge this way, and make a correction, improve the level of risk control system, only in their mobile phone users can through identifying acquaintances and recent purchase items for validation.
not only so, pay treasure to pay and login passwords are two separate and different password.Even if someone tampered with the login password, cannot transfer and payment.
a justified, not only guarantees the safety within the scope of security also provides users with convenient.Pay treasure this was revealed loopholes instead of panic, instead, let the user see pay treasure is safe and reliable, can be said to be the biggest winner of the incident.
this is original headlines, without authorization, shall not be reproduced.