[LINK] Security tokens

Karl Auer kauer at biplane.com.au
Wed Nov 14 22:34:25 AEDT 2007

On Wed, 2007-11-14 at 11:14 +0100, Kim Holburn wrote:
> It might be secure and it might not.  Banks are not exactly known for  
> choosing technologically secure software systems or at least not  
> being agile when it comes to new threats.

Security tokens of this sort *are* very secure. They cannot protect
against total theft of all authentication information (nothing can,
except maybe some kinds of biometrics). If you know my account ID and my
password and you have my token, you can access my account. If you have
only two of those, your chances are much slimmer, though how slim
depends on which two and/or how difficult my password is.

>   It might be just a show of  
> security to make the client feel better.

I've mistyped the numbers on my token quite often, and it has never let
me in with a mistyped number, so unless they have put a lot of effort
into mis-configuring the technology, my bank at least seems to be doing
it the right way.

Regards, K.

Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

More information about the Link mailing list