In article <[EMAIL PROTECTED]>, Jerry Baker
<[EMAIL PROTECTED]> wrote:
> So you need a new password everytime you log on?
Yes.
I also have to confirm money transfers with a confirmation password.
There are 18 of those. They are reusable and the system tells me which
one it wants to know.
> How do they transmit that to you securely,
By snail mail. The envelope has built-in tamper evidence (opening it
breaks it beyond repair). It also has random junk printed on the inside,
so you can see the password sheet through the envelope.
Basically it is based on trusting the postal workers. (I guess it is
possible to fetch a new sheet from a b&m bank office in person, if one
is really paranoid.)
> Plain old password validation is fine if done over SSL.
Why are all the American banks so scared then? :-)
The authentication system I use dates from the days of unencrypted phone
and telnet connections and there has been no reason to downgrade
security.
--
Henri Sivonen
[EMAIL PROTECTED]
http://www.clinet.fi/~henris/
