[Clips] Banks Seek Better Online-Security Tools
Nicholas Bohm
nbohm at ernest.net
Tue Dec 6 06:02:44 EST 2005
Florian Weimer wrote:
> * Nicholas Bohm:
>
>
>>dan at geer.org wrote:
>>
>>>You know, I'd wonder how many people on this
>>>list use or have used online banking.
>>>
>>>To start the ball rolling, I have not and won't.
>>>
>>>--dan
>>
>>I do.
>>
>>My bank provides an RSA SecureId, so I feel reasonably safe against
>>anyone other than the bank.
>
>
> But it's just a token measure. You should be afraid of your own
> computer, your own network. SecureID does not authenticate the server
> you're going to send your data to. It does not detect if your
> computer is compromised.
>
> Sure, right now, it might help you personally, but once these simple
> tokens gain market share, attackers will adjust. It's not a general
> solution.
I accept all that.
I hope, not too confidently, that before the attackers adjust enough,
banks will start giving their customers FINREAD type
secure-signature-creation devices of decent provenance whose security
does not rely on non-compromise of my PC or network.
Nicholas Bohm
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 020 7788 2198 (+44 20 7788 2198)
Mobile 07715 419728 (+44 7715 419728)
PGP public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list