The wisdom of the ill informed

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Tue Jul 1 23:53:11 EDT 2008


On Jul 1, 2008, at 12:46 PM, Perry E. Metzger wrote:
> My experience with European banks is quite limited -- my consulting
> practice is pretty much US centric. My general understanding, however,
> is that they are doing better, not worse, with login security.


As a data point, the largest bank in Croatia used to mail customers  
pre-printed TAN lists. Some number of years ago, they switched to (non- 
SecurID) tokens which require a 4-digit PIN to turn on, and then  
provide two functions: a login OTP and a challenge/response system for  
authorizing individual transactions. Your username is simply the  
token's serial number, though it's not clear if these are in fact  
serial.

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list