Ivan Krstić
Wed, 02 Jul 2008 05:31:12 -0700
On Jul 1, 2008, at 12:46 PM, Perry E. Metzger wrote:
My experience with European banks is quite limited -- my consulting practice is pretty much US centric. My general understanding, however, is that they are doing better, not worse, with login security.
As a data point, the largest bank in Croatia used to mail customers pre-printed TAN lists. Some number of years ago, they switched to (non- SecurID) tokens which require a 4-digit PIN to turn on, and then provide two functions: a login OTP and a challenge/response system for authorizing individual transactions. Your username is simply the token's serial number, though it's not clear if these are in fact serial.
-- Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]