[Gllug] Any UK banks using one time passwords / secure ID tokens ?

Daniel P. Berrange dan at berrange.com
Sun Oct 2 12:35:53 UTC 2005 

As with most people these days, I do quite alot of online banking, but
I've been thinking about security a bit recently, and come to the conlusion
that I'm no longer really happy with the security measures provided by 
the various online banking services I've used thus far. Most are simply 
based around some form of secret code from which you are prompted to enter
a couple of digits each time, along with some dumbass personal security 
questions such as mothers maiden name, place of birth, date of birth, etc,
etc.

These security measures may have been sufficient back in the day when 
although the distant terminal would be considered as "untrusted", it was 
not really thought to be under active attack. Leave spyware running for a 
week, and you'll trivially have collected all digits from any secret code. 
Personal 'security' data is trivally recoverable from public records. And 
lets not even mention the phishing email scams. In short, IMHO, online 
banking security sucks ass.

At an absolute bare minimum, I'd like to be required to use one time 
passwords and/or one time keys from a secure ID generator token. I hear
such measures are common practice in countries such as Sweeden, but thats
not much use for me. So, my question, does anyone know of any UK banks
which are providing this kind of level of serious security ?

Regards,
Dan.
-- 
|=-            GPG key: http://www.berrange.com/~dan/gpgkey.txt       -=|
|=-       Perl modules: http://search.cpan.org/~danberr/              -=|
|=-           Projects: http://freshmeat.net/~danielpb/               -=|
|=-   berrange at redhat.com  -  Daniel Berrange  -  dan at berrange.com    -=|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20051002/0cc8c02e/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list