[LINK] Consumer computer security

Craig Sanders cas at taz.net.au
Tue Jan 23 15:45:21 AEDT 2007

On Tue, Jan 23, 2007 at 02:08:07PM +1100, Marghanita da Cruz wrote:
> From a consumer perspective, wouldn't it would be better to leave Banks 
> to decide what they use to authenticate users and the information they 
> log about transactions. This would put the onus on them to prove the 
> source of a fraud and demonstrate due care of their customers funds.

from a consumer perspective, it would be better if banks had several
options that the user could choose to enable. i'd personally choose
limited IP range, client-certificate, AND token/code from a keychain
gizmo, all in addition to login & password.

if i was going travelling, i would temporarily disable the IP limit and
take a laptop with me that had my client cert on it (i'd take a laptop
travelling anyway and set up a uucp-over-tcp feed or something for my

oh yeah: the banks should require, at minimum, login & password PLUS
a keychain token. client cert and IP address limit would be optional


craig sanders <cas at taz.net.au>           (part time cyborg)

More information about the Link mailing list