[Cryptography] HSBC's Password Approach: Impressive

grarpamp grarpamp at gmail.com
Mon Dec 23 18:35:42 EST 2013


> They are being pretty clever to make up for terrible endpoint security.

Yeah, all that might work for non brick and mortar stuff you maybe care about,
say email [1], and your fave pornsite. But really... you need to be able to
demand a hardware OTP token from your bank and brokerage... plenty of
cheap open hw exists for that, not RSA, ahem. Any B&M's that don't offer hw
are just using 'clever' obfuscation or cost reduction around the issue of real
security. But since they already cost reduced that nice 4-7% interest they
used to pay you, don't expect this anytime soon. Unless they figure with
real security they could then twist responsibility for that account wiping
transaction to Uganda... on you.

[1] Outlook.com uses that stupid 'no cut/paste' thing, worthless and
annoying as fuck for those of us who use real password safes with
real random unmemorizable passwords.

