[Gllug] Any UK banks using one time passwords / secure ID tokens ?
Alain Williams
addw at phcomp.co.uk
Sun Oct 2 13:38:52 UTC 2005
On Sun, Oct 02, 2005 at 01:35:53PM +0100, Daniel P. Berrange wrote:
> As with most people these days, I do quite a lot of online banking, but
> I've been thinking about security a bit recently, and come to the conclusion
> that I'm no longer really happy with the security measures provided by
> the various online banking services I've used thus far. Most are simply
> based around some form of secret code from which you are prompted to enter
> a couple of digits each time, along with some dumbass personal security
> questions such as mother's maiden name, place of birth, date of birth, etc,
> etc.
>
> These security measures may have been sufficient back in the day when
> although the distant terminal would be considered as "untrusted", it was
> not really thought to be under active attack. Leave spyware running for a
> week, and you'll trivially have collected all digits from any secret code.
> Personal 'security' data is trivially recoverable from public records. And
> let's not even mention the phishing email scams. In short, IMHO, online
> banking security sucks ass.
>
> At an absolute bare minimum, I'd like to be required to use one time
> passwords and/or one time keys from a secure ID generator token. I hear
> such measures are common practice in countries such as Sweden, but that's
> not much use for me. So, my question, does anyone know of any UK banks
> which are providing this kind of level of serious security ?
As far as UK banks are concerned, security means protecting their own security.
They want to offload the responsibility for something going wrong onto someone else.
I have not done electronic banking simply because there is not a non-repudiation
mechanism, i.e. if I move X pounds from A to B and the bank fails to do it, how
do I prove that I ordered the bank to do it but they failed ?
--
Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
#include <std_disclaimer.h>