Circle Bank plays with two-factor authentication

Peter van Liesdonk peter at liesdonk.nl
Mon Oct 2 03:49:50 EDT 2006


Here in the Netherlands, we have a bank (Rabobank) which sends the
required code by SMS to your (registered) cellular phone as soon as
you want to log in. So the codes are always fresh and random and only
available to whoever knows the password ánd has the phone.

At my own bank, the bank-card is also a smartcard. When trying to log
in, the bank issues a random six-digit challenge. With the use of a
seperate cardreader, the bank-/smartcard can compute an (8-digit)
response to the challenge. This response is computed with a private
key stored in the card. The card can only be used after entering the
correct PIN. Three wrong PINs block the smartcard.

These two systems also obviously have their pro's and cons, but they
both seem much more secure than the other schemes i have seen here.

Peter

2006/9/28, pat hache <tercasa at prodigy.net.mx>:
> Here,(Mexico) BBVA / Bancomer uses 24 special three digits numbers on a
>   card you need  to have at hand to access your account after login and
> username... the system asks you one of those 24 numbers to allow each
> session - entry.
> supposed to be effective. .... donno if there is a similar system
> elsewhere.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list