[LINK] A security question
David Lochrin
dlochrin at d2.net.au
Thu Dec 19 13:12:03 AEDT 2013
On 2013-12-19 11:06 Jim Birch wrote:
> >From the behaviour of banks we might infer:
>
> (1) Multifactor identification is too hard for a proportion of their customers
I find that really hard to believe! In any case there's an issue around acceptance of responsibility. If someone wants the convenience and higher interest rates available for some Internet banking accounts then I think they should be prepared to use a token or some other type of "hard" multifactor identification (not just answering a secret question) or accept some risk of loss.
Perhaps no bank wants to be the first to take a harder line?
On 2013-12-19 11:18 Paul Brooks wrote:
> Trouble with mobile phone/SMS is that it relies on the phone number, still being in the correct hands. There have been several articles about prepared thieves using mobile number portability to move the target's number to a device in their own hands - and then the SMS falls in the wrong hands as well.
That's interesting... do you have a reference?
The Commonwealth currently offers both token and SMS methods of secondary authentication however I believe they're running down their stocks of tokens (Vasco, made in China) in favour of SMS.
David L.
More information about the Link
mailing list