Aditya Deshmukh wrote:
The only most secure protection is a one-time password with a challenge /
response scheme. Most of the banks in Europe already do this.
They give out a calculator-like device to the customers, and when you want to
log in you are presented with a challenge that you punch into your device,
which spits out a response that you enter into the form....
Costly for the bank but very effective security for the customer and bank in
terms of gain in security and decrease in losses due to fraud ....
- Aditya
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Respectfully, I disagree.
Although I never attended, this year's IT Underground conference in
Poland promised a hands-on session breaking OTP tokens. As Schneier
says, OT token devices merely force a tactical shift by the attacker, not
a permanent fix.
The credit card industry's 'fixes' have only been effective for weeks to
months over the past decade, so I don't consider OTPs will make much
difference relative to the cost in the mid-long term.
Lyal
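The challenge/response login described in the first message, sketched as an added example that is not part of the original thread or any bank's implementation. It assumes a shared per-token key, an HMAC-SHA256 response with HOTP-style truncation to 8 digits, and a 120-second challenge lifetime; the names `token_response`, `LoginServer` and `demo` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

DIGITS = 8
CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed policy)


def token_response(key: bytes, challenge: str) -> str:
    """What the hand-held device computes from the typed-in challenge."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation (assumed here)
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class LoginServer:
    def __init__(self, keys):
        self.keys = keys      # user -> shared token key
        self.pending = {}     # user -> (challenge, expiry time)

    def issue_challenge(self, user, now=None):
        now = time.time() if now is None else now
        challenge = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
        self.pending[user] = (challenge, now + CHALLENGE_TTL)
        return challenge

    def verify(self, user, response, now=None):
        now = time.time() if now is None else now
        # pop(): the challenge is consumed by the first attempt, right or wrong
        challenge, expiry = self.pending.pop(user, (None, 0))
        if challenge is None or now > expiry or user not in self.keys:
            return False
        expected = token_response(self.keys[user], challenge)
        return hmac.compare_digest(expected.encode(), response.encode())


def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    server = LoginServer({"alice": key})
    c1 = server.issue_challenge("alice", now=1000)
    r1 = token_response(key, c1)
    first = server.verify("alice", r1, now=1010)    # fresh response
    replay = server.verify("alice", r1, now=1011)   # same response again
    c2 = server.issue_challenge("alice", now=2000)
    late = server.verify("alice", token_response(key, c2),
                         now=2000 + CHALLENGE_TTL + 1)  # after expiry
    return first, replay, late
```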