On Thu, Jun 03, 2004 at 08:14:39PM +1200, Peter Gutmann wrote:

> One-time passwords (TANs) was another thing I covered in the "Why isn't the
> Internet secure yet, dammit!" talk I mentioned here a few days ago. From
> talking to assorted (non-European) banks, I haven't been able to find any that

Customers hate PINs/TANs (have to carry them around, PINs typically are not alphanumeric, and fixed-length, print is low-contrast).

Which is why power users have (Windows-only, for some reason couldn't get GNUcash working, despite right crypto libraries and proper port punched through firewall) HBCI software alternatives. Which are not used widely, alas.

Banks tried to push smart cards, but very half-heartedly (didn't offer free readers, which could have created critical mass).

Now some folks are trying to use existing smartcard-authenticated mobile phone infrastructure for online payments, but it has its own problems (Bluetooth/IrDA, security, fax effect, etc).

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
