that bank might be "bank of america". you enter your username...and click "login"..
then they present you with a picture (that you previously chose from a gallery of 20 or so)....if that picture matches the one you originally picked and the description of said picture matches the description you entered when you picked it...the user is expected to enter their password in the privuded textbox and click a "login" button again.... i wouldn't call this "challenge/response"...i'd call it.. "does this piece of personal info match 'you'". you caould add a similar concept...by maybe using existing user information instead of a picture....like the dollar amount of their last transaction....the name of their street (no house number, no zipcode...just "Commonwealth Ave")...the last login date. -----Original Message----- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] Behalf Of Paul Cowan Sent: Monday, November 19, 2007 12:14 PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] Increased Security Hi, They just do not feel username and password is adequate security. The guy sited some bank which stored questions as well as the password. I do not want to go down that path as it would mean asking every existing user to re-register. [EMAIL PROTECTED] > Date: Mon, 19 Nov 2007 12:11:35 -0500> From: [EMAIL PROTECTED]> Subject: Re: [ADVANCED-DOTNET] Increased Security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > can your clients specifically pinpoint what they don't like about the> current security setup you use?> > Or did they hear some buzzword in your description that> kinda/sorta/might/maybe/possbily be mentioned in something else they read> about how it might not be secure?> > > > > -----Original Message-----> From: Discussion of advanced .NET topics.> [mailto:ADVANCE =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
