This thread is fascinating...but a bit misguided. Consider that somone's home computer in the US is used for their finances (e.g. Quicken), tax returns, and other applications. Think of the wealth of identity-related information in those applications. If the computer is compromised, the identity-related information can be stolen without regard to tokens, biometrics, separate USB hash creators, or any other device.
* if the home computer is 0wned, it's game over *.
Now if the computer is not 0wned, then the other controls can be very useful in verifying identities and mitigating the risk of fraudulent transactions.
I suggest we re-evaluate the issue _assuming_the_computer_is_not_compromised.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
