Here in the Netherlands, we have a bank (Rabobank) which sends the required code by SMS to your (registered) cellular phone as soon as you want to log in. So the codes are always fresh and random and only available to whoever knows the password ánd has the phone.
At my own bank, the bank-card is also a smartcard. When trying to log in, the bank issues a random six-digit challenge. With the use of a seperate cardreader, the bank-/smartcard can compute an (8-digit) response to the challenge. This response is computed with a private key stored in the card. The card can only be used after entering the correct PIN. Three wrong PINs block the smartcard. These two systems also obviously have their pro's and cons, but they both seem much more secure than the other schemes i have seen here. Peter 2006/9/28, pat hache <[EMAIL PROTECTED]>:
Here,(Mexico) BBVA / Bancomer uses 24 special three digits numbers on a card you need to have at hand to access your account after login and username... the system asks you one of those 24 numbers to allow each session - entry. supposed to be effective. .... donno if there is a similar system elsewhere.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]