Continuing the theme of e-mail/Internet security.
Tonight I wanted to set up a new bill payment. The bank, in response to customer paranoia about Internet security and phishing attacks now require me to carry my bank cards and their calculator like number generator that I now have to take with me on business if I want to set up a bill payment. No thanks. No, I don't want to trail a variety of calculator like devices around with me one for each account or service I might want to use. I think the encryption offered by the bank site together with the random letters and digits from a security password is secure enough.
However, aside from that, let us now look at the two options the bank presents:
1. Log onto the website, have it over a secure encrypted channel, type in a customer number securely, random digits from two separate passwords securely and use the calculator device to randomly generate a number. Pretty secure huh?
2. Alternatively, use a phone, have the conversation in clear text, have the audible key presses recordable by anyone in earshot with a microphone, no need for the card reader calculator device either. Set up bill payment successfully.
Does the analogy of having 50 billion million trillion zillion locks on your front door and only 1 on your back door apply here?
Which way do you think a burglar would want to break in?
Why do banks and other sites continue to believe that the phone is a secure means of communication?
By Craig Cockburn, IT Professional from Scotland. Critical Thinking, Agile Delivery, Politics and Society
Total Pageviews
Subscribe to:
Post Comments (Atom)
Popular Posts
-
An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
-
Find me on LinkedIn https://www.linkedin.com/in/siliconglen/ Medium https://siliconglen.medium.com/ thanks Craig
-
The UK Government Digital Service (GDS) has just had a reboot . However will it be value for money and deliver its objectives? Will th...
-
Your profile indicates you have been contracting recently, therefore you will only be interested in contract work then? Incorrect. Thi...
-
Buy and sell anything online using Twitter for free. I thought this was worth a try. Twitter has taken off because it is short, simple, easy...
-
Every time I go to the post office there's a queue. No matter how much they try and keep the queue length down, inevitably you get stuck...
-
I thought I would write this to document the ongoing problems I have with my Nokia N97. It seems from the conversation in the phone shop tod...
-
Introduction You may be wondering the significance of the three Scottish flags in the image. I took this picture a few weeks ago. I...
-
I've been having a busy time over on the Cambrian House site lately. Check out my profile and the full set of awards I completed last ...
-
I first promoted Demon in June 1992, the month they set up. I joined them as a customer the following year. This is the first time I have mo...
No comments:
Post a Comment