[Cryptography] Passwords: Perfect, except for being Flawed

John Levine johnl at iecc.com
Thu Feb 19 16:31:45 EST 2015


>A side note on spyware: HSBC Canada has a clever way to do passwords.
>
>First, they don't let the customer choose the password, they assign it. 
>The password is short and at each login they only ask for a few specific 
>characters of the password. ...

It varies a lot.  They let me choose the password from which they want
the three letters, but they would much rather I provide a PIN generated
by the security doozit they sent me.

http://obvious.services.net/2013/07/better-have-big-pockets-if-you-want.html

(The Canadian one is at the lower left.)  They've pretty clearly
decided that passwords are inadequate for any but the smallest
accounts.

R's,
John


More information about the cryptography mailing list