[LINK] Security tokens
Ivan Trundle
ivan at itrundle.com
Wed Nov 14 22:53:31 AEDT 2007
On 14/11/2007, at 10:44 PM, Kim Holburn wrote:
> On 2007/Nov/14, at 11:54 AM, Glen Turner wrote:
>
>> On Wed, 14 Nov 2007, Kim Holburn wrote:
>>> It might be secure and it might not. Banks are not exactly known
>>> for choosing technologically secure software systems or at least
>>> not being agile when it comes to new threats. It might be just a
>>> show of security to make the client feel better.
>>
>> It's easy to tell.
>>
>> A secure token will ask you to enter the transaction details and
>> a PIN number per transaction. Even if the machine is compromised
>> the worst case if that the transaction is delayed or discarded --
>> the transaction cannot be spoofed.
>
> Huh? The one I have is a little dingus, a fob if you will, - you
> press a button and get a number. That's it. You can't enter
> anything.
The bank that I deal with uses SMS tokens which are only valid for a
short period of time, and for a single transaction - a different
channel altogether. It also demands that I provide two answers to
questions that I posed previously as confirmation. Perhaps not
entirely foolproof, but it appears to offer a reasonable level of
security. Now if only they could code html and css with as much
confidence...
iT
More information about the Link
mailing list