> >Of course, the best authentication system for banking I've seen is >from UBS. They send you a scratchlist of around 100 numbers. Every >time you login you use one of the numbers and cross it off. Very >slick.
Does that really work in practice? That sounds really annoying. Is this for business banking or for retail? How do they get the next 100 numbers to the user? Do they mail it out when they've used 90? It sounds like it would be less annoying to use certificates and some plug-in token there is going to be that much extra work to deal with a password sheet.