[Cryptography] Passwords: Perfect, except for being Flawed
John Levine
johnl at iecc.com
Thu Feb 19 16:31:45 EST 2015
>A side note on spyware: HSBC Canada has a clever way to do passwords.
>
>First, they don't let the customer choose the password, they assign it.
>The password is short and at each login they only ask for a few specific
>characters of the password. ...
It varies a lot. They let me choose the password from which they want
the three letters, but they would much rather I provide a PIN generated
by the security doozit they sent me.
http://obvious.services.net/2013/07/better-have-big-pockets-if-you-want.html
(The Canadian one is at the lower left.) They've pretty clearly
decided that passwords are inadequate for any but the smallest
accounts.
R's,
John
More information about the cryptography
mailing list