In article <[EMAIL PROTECTED]>, Alex <[EMAIL PROTECTED]>
wrote:
> What exactly do you mean by one-time passwords? I'm not
> familiar with it.
I have a password sheet that contains numbered login passwords and a set
of confirmation passwords.
When I log in to the back, I give the next unused login password on my
password sheet. That password is not used again. When I am done setting
up transactions, I have to recheck the list of transactions to verify
that a man in the middle has added transactions to the list. Then the
bank system tells me which one of the confirmation password to use.
This system was designed to prevent man in the middle attacks in the
days of unencrypted telnet and modem connections.
--
Henri Sivonen
[EMAIL PROTECTED]
http://www.clinet.fi/~henris/
