- From: Jim Ley <jim.ley@gmail.com>
- Date: Wed, 30 Mar 2005 13:58:29 +0100
On Wed, 30 Mar 2005 12:03:44 +0000 (UTC), Ian Hickson <ian at hixie.ch> wrote: > On Wed, 30 Mar 2005, Lachlan Hunt wrote: > Instead of a password, the bank issues you with a hardware device that > computes a one-time password that changes every minute. Which changes the security to a physical security problem > To be honest, the fact that there are still banks that use PIN codes or > passwords for Web-based access is frightening. I don't find it frightening at all, the levels of this sort of fraud aren't high, and the problem is phishing. The cost and inconvenience of lugging around yet another passkey device (4 bank accounts with different banks, a couple of corporate VPN's) is enough such that I simply wouldn't use a bank (or a banks internet access) if they forced such a device on me. The hardware methods don't stop phishing (they do make it slightly harder in that the removal of the money has to be immediate meaning there's more accounts needed to transfer money into) but as they're not perfect and are a considerable extra cost, can't be taken into a lot of countries of the world, I can't see the attraction. Jim.
Received on Wednesday, 30 March 2005 04:58:29 UTC