Continuing the theme of e-mail/Internet security.
Tonight I wanted to set up a new bill payment. The bank, in response to customer paranoia about Internet security and phishing attacks now require me to carry my bank cards and their calculator like number generator that I now have to take with me on business if I want to set up a bill payment. No thanks. No, I don't want to trail a variety of calculator like devices around with me one for each account or service I might want to use. I think the encryption offered by the bank site together with the random letters and digits from a security password is secure enough.
However, aside from that, let us now look at the two options the bank presents:
1. Log onto the website, have it over a secure encrypted channel, type in a customer number securely, random digits from two separate passwords securely and use the calculator device to randomly generate a number. Pretty secure huh?
2. Alternatively, use a phone, have the conversation in clear text, have the audible key presses recordable by anyone in earshot with a microphone, no need for the card reader calculator device either. Set up bill payment successfully.
Does the analogy of having 50 billion million trillion zillion locks on your front door and only 1 on your back door apply here?
Which way do you think a burglar would want to break in?
Why do banks and other sites continue to believe that the phone is a secure means of communication?
Popular Posts
-
An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
-
Having been on hold to the Orange contact centre (I guess that's what you would call it, I might call it a non-contact centre) for appro...
-
RFID - Really For Interesting Development? You may have read the controversy surrounding RFID (Radio Frequency Identification) tags. There ...
-
Scottish enterprise, the company that encourages businesses to have a business plan and follow it are recently famous for overspending by £3...
-
I haven't written a long blog in a while so I thought it was time to post this missive now that I've been living in London for 7 wee...
-
Having recently returned from a holiday in Oban, I thought it would be appropriate to comment on the state of Gaelic having been involved in...
-
As reported in Scotland on Sunday today. Blogging it here as the BBC has completely ignored the story. Rather than covering a story that wou...
-
Find me on LinkedIn https://www.linkedin.com/in/siliconglen/ Medium https://siliconglen.medium.com/ thanks Craig
-
I got called by Dell today. Several times I had to correct the person on how to pronounce my name. Cockburn is a 700+ year old Scottish name...
-
Many of us can't be bothered to prepare a real Will, with the resultant tax confusion and uncertainty that this causes especially in the...
No comments:
Post a Comment