[Clips] Banks Seek Better Online-Security Tools
Eugen Leitl
eugen at leitl.org
Mon Dec 5 02:54:58 EST 2005
On Sun, Dec 04, 2005 at 05:51:11PM -0500, leichter_jerrold at emc.com wrote:
> | To start the ball rolling, I have not and won't.
> Until a couple of months ago, I avoided doing anything of this sort at all.
> Simple reasoning: If I know I never do any financial stuff on-line, I can
> safely delete any message from a bank or other financial institution.
I've been using online banking for many years, both US and Germany.
The German PIN/TAN system is reasonably secure,
being an effective one-time pad distributed through out of band channel
(mailed dead tree in a tamperproof envelope). It is of course not immune
to phishing (PIN/TAN harvesting), which has become quite rampant recently.
I'm about to setup HBCI with my business account (both GnuCash and
openhbci/aqbanking from the command line), which can in principle cooperate
with a smartcard. It is a major pain to set up, however, especially on an
unsupported platform.
I do have a HBCI smartcard setup with my private account but don't use it
since it's locked in a proprietary software jail.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20051205/eedec94f/attachment.pgp>
More information about the cryptography
mailing list