David Cantrell wrote:
> On Tue, Dec 04, 2007 at 08:03:41AM -0600, sabrina downard wrote:
>
>> Dear Chase: And as for you people, you can just take that ridiculous
>> "You're logging on from a new computer! OMG!" authorization code
>> transfer nonsense and shove it where the sun don't shine. I am in
>> fact NOT signing on from a new computer, I'm signing on from one of
>> the two computers I always use, on its same IP it always uses, and
>> your goddamn inability to handle cookies is not my problem. God,
>> imagine the pain if I had multiple machines changing NAT addresses all
>> the time behind my firewall at home. It's amazing it ever works for
>> anyone at all.
>>
>> I want goddamn SecurID tokens for my banks just to eliminate this
>> bullshit. I hear tell other people get them, and I'm bitterly,
>> bitterly jealous.
>
> I find your naive faith that such obvious incompetents would implement
> SecurID correctly to be most touching.
>

Apologies in advance since this is not a hate: despite other issues I have with one of my banks and their website, they have used one-time pad security since like the mid-nineties, and over time they have honed it to be rather slick (with touches of user-friendliness: if I forget to cross the password I used, and try to reuse it, the website tells me that I have used that one already, how about trying the next one.)

Oh, how do I get the one-time pads? They send me them one by one in snail mail, and when they see I'm getting low, they send me a new one. To log in I need my "customer id", which is secret, not shown online or in receipts (and unrelated to my accounts or personal info, they told it to me once), and one of those one-time generated passwords. Transactions are verified by a different set of passwords.

So it *is* possible for banks to have a clue, at least sometimes. What *is* hateful is that I know it is possible to do it better, and then being subjected to the utter disasters of web sites in other banks and similar institutions.