[LINK] Consumer computer security
Marghanita da Cruz
marghanita at ramin.com.au
Tue Jan 23 16:08:37 AEDT 2007
Craig Sanders wrote:
> On Tue, Jan 23, 2007 at 02:08:07PM +1100, Marghanita da Cruz wrote:
>
>>From a consumer perspective, wouldn't it would be better to leave Banks
>>to decide what they use to authenticate users and the information they
>>log about transactions. This would put the onus on them to prove the
>>source of a fraud and demonstrate due care of their customers funds.
>
>
> from a consumer perspective, it would be better if banks had several
> options that the user could choose to enable. i'd personally choose
> limited IP range, client-certificate, AND token/code from a keychain
> gizmo, all in addition to login & password.
>
> if i was going travelling, i would temporarily disable the IP limit and
> take a laptop with me that had my client cert on it (i'd take a laptop
> travelling anyway and set up a uucp-over-tcp feed or something for my
> mail).
>
> oh yeah: the banks should require, at minimum, login & password PLUS
> a keychain token. client cert and IP address limit would be optional
> restrictions.
This was kind of my point, it is really up to the banks to do the risk
assessment. I don't think it should be left to consumers to choose.
The IP address/or a phone number would be useful in tracing the source
of the fraud rather than authentication.
I have had a laptop stolen...which makes me a bit wary of storing
anything on one. I would also be reticent to use a public computer or
even one in a workplace - but then as I said, I don't use Internet or
Telephone banking.
Marghanita
--
Marghanita da Cruz
http://www.ramin.com.au/
Telephone: 0414-869202
Ramin Communications Pty Ltd
ABN: 027-089-713-084
More information about the Link
mailing list