Circle Bank plays with two-factor authentication

Jason Axley jason at axley.net
Mon Oct 2 13:19:49 EDT 2006


<snip>

The question is what the threat model is.  We all know that email can be
intercepted over the wire.  We also know that that's not very common or
very easy, except for wireless hotspots.  I assert that *most* email does
not flow over such links, and that the probability of a successful
interception by someone who's staked out a hotspot is quite low.
Residential wireless?  Sure, there's a lot of it, mostly unencrypted.  If
you're a bad guy, is there any reason you should be watching for that
particular piece of email?  You don't even know who the customers of that
bank are.  (Sure, there can be targeted attacks aimed at a given
individual.  Unless you're a member of the HP board of directors or a
prominent technology journalist, that risk is low, too....)

Again -- the scheme isn't foolproof, but it's probably *good enough*.

What is their threat?  There are two obvious answers: phishing and
keystroke loggers.

</snip>

The threat model that does not get enough attention (especially by
purported anti-phishing security mechanisms) is that if a phisher can
obtain your password, and most people use the same password all over the
place, then the adversary can simply log into your email and read any
sensitive information directly.  They don't need to eavesdrop.  They don't
need to put spyware on your box to busy-poll your email inbox.
Traditional phishing attacks _still work_, just with a level of
indirection.

Ultimately, these kinds of anti-phishing schemes that require sending
secret information to your email inbox are no more secure than your email
password.  Presumably, the reason that these schemes are required is to
combat password theft (phishing) and password guessing so at the end of
the day, how much do they really buy you?  One level of indirection?  One
minor change in tactics?

-Jason

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com