TalkBack 7 of 8:
Banks respond by loading consumers down with "One Time Password" Devices
What's really disheartening is that the banks' security "experts," acting through the Financial Services Technology Consortium, appear poised to standardize on a One Time Password (OTP) device approach to implementing strong authentication... With OTP, *each* online site issues *each* user in a household a key-fob sized token with a 6-digit pseudo-random number that changes every 60 seconds. Two accounts, two tokens. Ten accounts, ten tokens. Two people in the house, double the number of tokens. Got your oversized key ring ready?

PLUS, as the article says, keystroke loggers are being increasingly used to get credentials. All that an OTP device does is require that they relay the OTP code when you type it to them in real time, so they can use it right away. Automated scripts can do their part of the theft, so don't count on them getting overwhelmed.

It seems that the original FDIC and FSTC reports on countering phishing had recommended other options besides OTP tokens, which would have resulted in greater user convenience, and better security...

Isn't there an authentication device that can be shared among as many household users and online sites as desired, without having to rely on a third-party authorization service, and without requiring web site operators to know about one another? Ideally, such a device would be built in to laptops and keyboards, and would not require a user to remember or carry anything...

Oh wait... what's IBM up to with their T42, T43 and X41 laptops? Oh, and look... Toshiba, Dell, Gateway, Micron and Fujitsu are doing it too. Couldn't *that* device be leveraged to achieve stronger authentication that doesn't make me carry a bag o' tokens?
Posted by: SecurityThroughObscurity   Posted on: 05/16/05


This would require REAL data to succeed  BitTwiddler | 05/16/05
RE: REAL data  bobjones68@... | 05/16/05
Thank you LexisNexis, DSW, and others...  doctormoriarty | 05/16/05
There's an elephant in the room here...  SecurityThroughObscurity | 05/16/05
Agreed  doctormoriarty | 05/16/05
I think we need to go back to the old ways to solve this problem  Publius_z | 05/16/05
Banks respond by loading consumers down with "One Time Password" Devices  SecurityThroughObscurity | 05/16/05
One-Time Password Devices  MobiSecure | 05/16/05
