[LINK] Security tokens

Ivan Trundle ivan at itrundle.com
Wed Nov 14 22:53:31 AEDT 2007

On 14/11/2007, at 10:44 PM, Kim Holburn wrote:

> On 2007/Nov/14, at 11:54 AM, Glen Turner wrote:
>> On Wed, 14 Nov 2007, Kim Holburn wrote:
>>> It might be secure and it might not.  Banks are not exactly known  
>>> for choosing technologically secure software systems or at least  
>>> not being agile when it comes to new threats.  It might be just a  
>>> show of security to make the client feel better.
>> It's easy to tell.
>> A secure token will ask you to enter the transaction details and
>> a PIN number per transaction. Even if the machine is compromised
>> the worst case if that the transaction is delayed or discarded --
>> the transaction cannot be spoofed.
> Huh?  The one I have is a little dingus, a fob if you will, - you  
> press a button and get a number.  That's it.  You can't enter  
> anything.

The bank that I deal with uses SMS tokens which are only valid for a  
short period of time, and for a single transaction - a different  
channel altogether. It also demands that I provide two answers to  
questions that I posed previously as confirmation. Perhaps not  
entirely foolproof, but it appears to offer a reasonable level of  
security. Now if only they could code html and css with as much  


More information about the Link mailing list