Article on passwords in Wired News

Eugen Leitl eugen at leitl.org
Thu Jun 3 12:13:04 EDT 2004


On Thu, Jun 03, 2004 at 08:14:39PM +1200, Peter Gutmann wrote:

> One-time passwords (TANs) was another thing I covered in the "Why isn't the
> Internet secure yet, dammit!" talk I mentioned here a few days ago.  From
> talking to assorted (non-European) banks, I haven't been able to find any that

Customers hate PINs/TANs (have to carry them around, PINs typically are not
alphanumeric, and fixed-length, print is low-contrast). Which is why power 
users have a (Windows-only, for some reason couldn't get GNUcash working, 
despite right crypto libraries and proper port punched through firewall) 
HBCI software alternatives. Which are not used widely, alas.

Banks tried to push smart cards, but very half-heartedly (didn't offer free
readers, which could have created critical mass). Now some folks are trying
to use existing smartcard-authenticated mobile phone infrastructure for
online payments, but it has its own problems (Bluetooth/IrDA, security, fax
effect, etc).

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net