Total Pageviews

17 November 2007

Bollocks security

Continuing the theme of e-mail/Internet security.

Tonight I wanted to set up a new bill payment. The bank, in response to customer paranoia about Internet security and phishing attacks now require me to carry my bank cards and their calculator like number generator that I now have to take with me on business if I want to set up a bill payment. No thanks. No, I don't want to trail a variety of calculator like devices around with me one for each account or service I might want to use. I think the encryption offered by the bank site together with the random letters and digits from a security password is secure enough.

However, aside from that, let us now look at the two options the bank presents:

1. Log onto the website, have it over a secure encrypted channel, type in a customer number securely, random digits from two separate passwords securely and use the calculator device to randomly generate a number. Pretty secure huh?

2. Alternatively, use a phone, have the conversation in clear text, have the audible key presses recordable by anyone in earshot with a microphone, no need for the card reader calculator device either. Set up bill payment successfully.

Does the analogy of having 50 billion million trillion zillion locks on your front door and only 1 on your back door apply here?

Which way do you think a burglar would want to break in?

Why do banks and other sites continue to believe that the phone is a secure means of communication?
Posted by at 01:41
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Worst contact centre award
    Having been on hold to the Orange contact centre (I guess that's what you would call it, I might call it a non-contact centre) for appro...
  • PRINCE2 + AGILE = Common sense?
    An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
  • Shut down vista via the keyboard
    In a breathtaking act of complete user ignorance, the so called new user experience of Windows Vista is now significantly harder to shut dow...
  • BlogThis and the Google Toolbar
    For some unknown reason Google has removed the very useful BlogThis feature from the Google toolbar. However if you want the BlogThis functi...
  • The VisitScotland connection and jobhunting
    Trying a bit of reverse marketing here to see whether posting to Google Groups: uk.jobs.wanted and also to Ebay.co.uk in an unconventional...
  • Dunblane gun register unfit for purpose
    Another government IT disaster. 10 years behind schedule, the Dunblane gun register is 'unfit for purpose' . The article also mentio...
  • World gone nuts
    The scene: A person on vacation walks into a late night store to buy some nuts. Present: The person, a shop assistant and a selection of ta...
  • Where to read my newer posts
    Find me on LinkedIn  https://www.linkedin.com/in/siliconglen/    Medium  https://siliconglen.medium.com/ thanks Craig
  • The birth of the machine
    There is only one time in the history of each planet when its inhabitants first wire up its innumerable parts to make one large Machine. Lat...
  • Please help this blog - links sought
    All In the last few months, I have seen the traffic to this blog rise to a reasonable level and there's been a lot of diverse comments a...