All this is still open to phishing is one worry. [EMAIL PROTECTED]
> Date: Mon, 19 Nov 2007 12:18:22 -0500> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] Increased Security> To: > ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > that bank might be "bank of america".> > > you enter your username...and click "login"..> > then they present you with > a picture (that you previously chose from a> gallery of 20 or so)....if that > picture matches the one you originally> picked and the description of said > picture matches the description you> entered when you picked it...the user is > expected to enter their password in> the privuded textbox and click a "login" > button again....> > i wouldn't call this "challenge/response"...i'd call it.. > "does this piece> of personal info match 'you'".> > you caould add a similar > concept...by maybe using existing user information> instead of a > picture....like the dollar amount of their last> transaction....the name of > their street (no house number, no zipcode...just> "Commonwealth Ave")...the > last login date.> > > > > -----Original Message-----> From: Discussion of > advanced .NET topics.> [mailto:[EMAIL PROTECTED] Behalf Of Paul Cowan> Sent: > Monday, November 19, 2007 12:14 PM> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > Subject: Re: [ADVANCED-DOTNET] Increased Security> > > Hi,> They just do not > feel username and password is adequate security.> > The guy sited some bank > which stored questions as well as the password.> I do not want to go down > that path as it would mean asking every existing> user to re-register.> > > > > [EMAIL PROTECTED]> > > > > Date: Mon, 19 Nov 2007 12:11:35 -0500> From: > [EMAIL PROTECTED]> Subject: Re:> [ADVANCED-DOTNET] Increased Security> To:> > ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > can your clients specifically> > pinpoint what they don't like about the> current security setup you use?> >> > Or did they hear some buzzword in your description that>> > kinda/sorta/might/maybe/possbily be mentioned in something else they read>> > about how it might not be secure?> > > > > -----Original Message-----> From:> > Discussion of advanced .NET topics.> [mailto:ADVANCE> > ===================================> This list is hosted by DevelopMentor® > http://www.develop.com> > View archives and manage your subscription(s) at > http://discuss.develop.com> > ===================================> This list > is hosted by DevelopMentor® http://www.develop.com> > View archives and > manage your subscription(s) at http://discuss.develop.com _________________________________________________________________ Celeb spotting – Play CelebMashup and win cool prizes https://www.celebmashup.com =================================== This list is hosted by DevelopMentor® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
