[Clips] Banks Seek Better Online-Security Tools

Florian Weimer fw at deneb.enyo.de
Mon Dec 5 13:42:33 EST 2005


* Nicholas Bohm:

> dan at geer.org wrote:
>> You know, I'd wonder how many people on this
>> list use or have used online banking.  
>> 
>> To start the ball rolling, I have not and won't.
>> 
>> --dan
>
> I do.
>
> My bank provides an RSA SecureId, so I feel reasonably safe against
> anyone other than the bank.

But it's just a token measure.  You should be afraid of your own
computer, your own network.  SecureID does not authenticate the server
you're going to send your data to.  It does not detect if your
computer is compromised.

Sure, right now, it might help you personally, but once these simple
tokens gain market share, attackers will adjust.  It's not a general
solution.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list