On Thu, 28 Sep 2006 12:34:24 -0700, Ed Gerck <[EMAIL PROTECTED]> wrote:
> Circle Bank is using a coordinate matrix to let
> users pick three letters according to a grid, to be
> entered together with their username and password.
>
> The matrix is sent by email, with the user's account
> sign on ID in plaintext.
>
> Worse, the matrix is pretty useless for the majority of users,
> with less usability than anything else I saw in a long time.
> This is what the email says:
> ...
> This illustrates that playing with two-factor authentication can
> make the system less secure than just username/password, while
> considerably reducing usability. A lose-lose for users.

I'd like to hear why you think the scheme isn't that usable.

I disagree with you about its security. The question is what the threat model is. We all know that email can be intercepted over the wire. We also know that that's not very common or very easy, except for wireless hotspots. I assert that *most* email does not flow over such links, and that the probability of a successful interception by someone who's staked out a hotspot is quite low. Residential wireless? Sure, there's a lot of it, mostly unencrypted. If you're a bad guy, is there any reason you should be watching for that particular piece of email? You don't even know who the customers of that bank are. (Sure, there can be targeted attacks aimed at a given individual. Unless you're a member of the HP board of directors or a prominent technology journalist, that risk is low, too....)

Again -- the scheme isn't foolproof, but it's probably *good enough*. What is their threat? There are two obvious answers: phishing and keystroke loggers. It works very well against the first, and tolerably well against the second, at least until the scheme catches on. A phisher has no knowledge of what challenges will appear, so that won't do much.
(OTOH, an active attacker -- one who waits for you to connect to the site, then connects to the real bank and echoes the real challenge -- will succeed, but an active attacker will succeed against any scheme that doesn't involve bilateral authentication.)

As for keystroke loggers -- the bad guy would have to capture enough table entries that they'd have a reasonable probability of seeing challenges they'd already received. The bad guy's strategy might be to try a lot of logins, until they hit a lucky set, but the bank's obvious defense is to lock people out after too many failed attempts. Yes, that's denial of service, but that's not the bad guy's goal here.

In short -- I think that the scheme is well-matched to the threat. The one thing they should have done differently is not put the username in the same email -- you're told to safeguard the matrix, so you don't want to send the two in the same message, where someone who has compromised the file will get both.

I agree that a matrix you need to look at is harder to use than, say, a password, but most two-factor schemes are going to be somewhat difficult.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
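The keystroke-logger argument in the reply above, as an added simulation that is not part of the original message and is not Circle Bank's system: a coordinate card is issued, the server challenges three cells per login, a lockout counter caps guessing, and an attacker who has captured earlier sessions is scored on how often a fresh challenge falls entirely within cells already seen. The 10x10 card, the three-cell challenge, the three-strikes lockout, and the assumption that each captured session leaks both the displayed coordinates and the typed letters are all constructed for the example; the bank's real parameters are not given on the page.

```python
"""Coordinate-matrix second factor: challenge, lockout, and replay odds.

Constructed example. Card geometry, challenge length, lockout threshold
and the attacker's capture model are assumptions, not the bank's values.
"""
import math
import random
import string

ROWS, COLS, CHALLENGE_LEN = 10, 10, 3   # assumed card geometry
MAX_FAILURES = 3                         # assumed lockout threshold


def make_card(rng, rows=ROWS, cols=COLS):
    """Issue a fresh card: one random letter per (row, col) coordinate."""
    return {(r, c): rng.choice(string.ascii_uppercase)
            for r in range(rows) for c in range(cols)}


def issue_challenge(rng, rows=ROWS, cols=COLS, k=CHALLENGE_LEN):
    """Server side: k distinct coordinates the user must look up."""
    cells = [(r, c) for r in range(rows) for c in range(cols)]
    return rng.sample(cells, k)


def answer(card, challenge):
    """User side: read the challenged cells off the card, in order."""
    return "".join(card[cell] for cell in challenge)


class Account:
    """Username/password plus card; locks after MAX_FAILURES misses."""

    def __init__(self, username, password, card, rng):
        self.username = username
        self._password = password
        self.card = card            # public only so the demo can read it
        self._rng = rng
        self.failures = 0
        self.locked = False
        self.pending = None         # challenge issued for the current attempt

    def start_login(self):
        self.pending = issue_challenge(self._rng)
        return self.pending

    def finish_login(self, password, response):
        """Check password and card response; one failure counter for both,
        so a logger that guesses challenges runs into the lockout."""
        if self.locked or self.pending is None:
            return False
        ok = (password == self._password
              and response == answer(self.card, self.pending))
        self.pending = None
        if ok:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False


def new_account(seed, username="alice", password="correct horse"):
    """Constructed fixture: a seeded card and account."""
    rng = random.Random(seed)
    return Account(username, password, make_card(rng), rng)


def observe_sessions(rng, card, sessions, known=None):
    """Attacker side: each captured login leaks the (cell, letter) pairs of
    that login's challenge (assumes challenge and reply are both seen)."""
    known = {} if known is None else known
    for _ in range(sessions):
        ch = issue_challenge(rng)
        for cell, letter in zip(ch, answer(card, ch)):
            known[cell] = letter
    return known


def replay_probability(known_cells, rows=ROWS, cols=COLS, k=CHALLENGE_LEN):
    """Exact chance that a fresh random challenge lies entirely within the
    cells the attacker already holds: C(m, k) / C(n, k)."""
    n = rows * cols
    m = min(known_cells, n)
    if m < k:
        return 0.0
    return math.comb(m, k) / math.comb(n, k)


def demo(seed=7, checkpoints=(1, 5, 20, 50)):
    """Replay odds after the attacker has watched N sessions of one user."""
    rng = random.Random(seed)
    card = make_card(rng)
    known, out = {}, {}
    for n in range(1, max(checkpoints) + 1):
        observe_sessions(rng, card, 1, known)
        if n in checkpoints:
            out[n] = replay_probability(len(known))
    return out


if __name__ == "__main__":
    for n, p in demo().items():
        print(f"after {n:2d} captured sessions: P(replayable challenge) = {p:.4f}")
```

The replay probability is exact, not sampled: with m of the n cells captured, a k-cell challenge is answerable from the capture iff all k cells are among the m, which is C(m, k)/C(n, k). Running `demo()` shows how slowly that climbs with three cells per session on a 100-cell card, which is the point of the reply's argument; the lockout in `finish_login` is what stops the attacker from simply retrying until a known challenge comes up.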