| Have you seen the technique used at http://www.griddatasecurity.com ? Sounds
| a lot like your original idea.
Nah - more clever than what I had (which was meant for an age when you
couldn't carry any computation with you, and things you interacted with
on a day by day basis didn't have
Here in the Netherlands, we have a bank (Rabobank) which sends the
required code by SMS to your (registered) cellular phone as soon as
you want to log in. So the codes are always fresh and random and only
available to whoever knows the password ánd has the phone.
At my own bank, the bank-card is
snip
The question is what the threat model is. We all know that email can be
intercepted over the wire. We also know that that's not very common or
very easy, except for wireless hotspots. I assert that *most* email does
not flow over such links, and that the probability of a successful
Have you seen the technique used at http://www.griddatasecurity.com ?
Sounds a lot like your original idea.
Screen shot here: http://blogs.zdnet.com/threatchaos/?p=374
-Richard Stiennon
At 02:40 PM 9/28/2006, Leichter, Jerry wrote:
| Circle Bank is using a coordinate matrix to let
|
* Steven M. Bellovin:
Again -- the scheme isn't foolproof, but it's probably *good enough*.
I agree that if you consider this scheme in isolation, it's better
than plain user names and passwords. But I wonder if it significantly
increases customer confusion because banks told their customer
On Thu, 28 Sep 2006 12:34:24 -0700, Ed Gerck [EMAIL PROTECTED] wrote:
Circle Bank is using a coordinate matrix to let
users pick three letters according to a grid, to be
entered together with their username and password.
The matrix is sent by email, with the user's account
sign on ID in
Steven M. Bellovin wrote:
I'd like to hear why you think the scheme isn't that usable. I disagree
with you about its security.
The first condition for security is usability. I consider this to be
self-evident.
Users have difficulty already with something as simple as username/pwd.
Here, the
Circle Bank is using a coordinate matrix to let
users pick three letters according to a grid, to be
entered together with their username and password.
The matrix is sent by email, with the user's account
sign on ID in plaintext.
Worse, the matrix is pretty useless for the majority of users,
| Circle Bank is using a coordinate matrix to let
| users pick three letters according to a grid, to be
| entered together with their username and password.
|
| The matrix is sent by email, with the user's account
| sign on ID in plaintext.
|
| Worse, the matrix is pretty useless for the
Here (Mexico), BBVA / Bancomer uses 24 special three-digit numbers on a
card you need to have at hand to access your account after login and
username... the system asks you for one of those 24 numbers to allow each
session - entry.
Supposed to be effective. Dunno if there is a similar system
10 matches