[Clips] Banks Seek Better Online-Security Tools

Nicholas Bohm nbohm at ernest.net
Tue Dec 6 06:02:44 EST 2005


Florian Weimer wrote:
> * Nicholas Bohm:
> 
> 
>>dan at geer.org wrote:
>>
>>>You know, I'd wonder how many people on this
>>>list use or have used online banking.  
>>>
>>>To start the ball rolling, I have not and won't.
>>>
>>>--dan
>>
>>I do.
>>
>>My bank provides an RSA SecureId, so I feel reasonably safe against
>>anyone other than the bank.
> 
> 
> But it's just a token measure.  You should be afraid of your own
> computer, your own network.  SecureID does not authenticate the server
> you're going to send your data to.  It does not detect if your
> computer is compromised.
> 
> Sure, right now, it might help you personally, but once these simple
> tokens gain market share, attackers will adjust.  It's not a general
> solution.

I accept all that.

I hope, not too confidently, that before the attackers adjust enough,
banks will start giving their customers FINREAD type
secure-signature-creation devices of decent provenance whose security
does not rely on non-compromise of my PC or network.

Nicholas Bohm
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone   01279 871272    (+44 1279 871272)
Fax      020 7788 2198   (+44 20 7788 2198)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list