Article on passwords in Wired News

martin f krafft madduck at madduck.net
Thu Jun 3 20:24:13 EDT 2004


thus spoke Peter Gutmann <pgut001 at cs.auckland.ac.nz> [2004.06.03.1014 +0200]:
> One-time passwords (TANs) were another thing I covered in the "Why
> isn't the Internet secure yet, dammit!" talk I mentioned here
> a few days ago.  From talking to assorted (non-European) banks,
> I haven't been able to find any that are planning to introduce
> these in the foreseeable future.  I've also been unable to get any
> credible explanation as to why not; as far as I can tell it's
> "We're not hurting enough yet".  Maybe it's just a cultural thing,
> certainly among European banks it seems to be a normal part of
> allowing customers online access to banking facilities.

While these are definitely nice, I am not particularly pleased. For
one, they are only "what you have", and not anything else.

I love the Swiss system, which is a token card and a reader, locked
with a PIN. You go to the web, get a challenge, run it through the
reader after inserting the card and entering the PIN, then it spits
out the response, which you enter, and you're in...

Simple, efficient, secure.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"you raise the blade, you make the change
 you rearrange me till i'm sane.
 you lock the door, and throw away the key,
 there's someone in my head but it's not me."
                                                   -- pink floyd, 1972
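
The challenge-response login described in the message above, as an added example that is not part of the original post and not any bank's actual protocol. HMAC-SHA256 truncated to 8 digits, the three-try PIN counter, and the names `TokenCard`, `Bank` and `card_response` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def card_response(key: bytes, challenge: str) -> str:
    # Assumed algorithm: HMAC-SHA256 over the challenge, cut to 8 digits.
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class TokenCard:
    """'What you have' (the card key) locked by 'what you know' (the PIN)."""
    MAX_TRIES = 3

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin, self._tries_left = key, pin, self.MAX_TRIES

    def respond(self, pin: str, challenge: str) -> str:
        if self._tries_left == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1          # a stolen card gets only 3 guesses
            raise PermissionError("wrong PIN")
        self._tries_left = self.MAX_TRIES
        return card_response(self._key, challenge)


class Bank:
    def __init__(self):
        self._keys = {}      # customer -> card key
        self._pending = {}   # customer -> outstanding challenge

    def enroll(self, customer: str, pin: str) -> TokenCard:
        self._keys[customer] = secrets.token_bytes(32)
        return TokenCard(self._keys[customer], pin)

    def challenge(self, customer: str) -> str:
        self._pending[customer] = f"{secrets.randbelow(10**8):08d}"
        return self._pending[customer]

    def login(self, customer: str, response: str) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed.
        chal = self._pending.pop(customer, None)
        if chal is None:
            return False
        expected = card_response(self._keys[customer], chal)
        return hmac.compare_digest(response, expected)
```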