[LINK] Consumer computer security
Craig Sanders
cas at taz.net.au
Tue Jan 23 15:45:21 AEDT 2007
On Tue, Jan 23, 2007 at 02:08:07PM +1100, Marghanita da Cruz wrote:
> From a consumer perspective, wouldn't it would be better to leave Banks
> to decide what they use to authenticate users and the information they
> log about transactions. This would put the onus on them to prove the
> source of a fraud and demonstrate due care of their customers funds.
from a consumer perspective, it would be better if banks had several
options that the user could choose to enable. i'd personally choose
limited IP range, client-certificate, AND token/code from a keychain
gizmo, all in addition to login & password.
if i was going travelling, i would temporarily disable the IP limit and
take a laptop with me that had my client cert on it (i'd take a laptop
travelling anyway and set up a uucp-over-tcp feed or something for my
mail).
oh yeah: the banks should require, at minimum, login & password PLUS
a keychain token. client cert and IP address limit would be optional
restrictions.
craig
--
craig sanders <cas at taz.net.au> (part time cyborg)
More information about the Link
mailing list