[Wylug-discuss] A Business Bank that works because Alliance and
Leicester doesn't.
Chris Davies
chris at roaima.co.uk
Thu Oct 11 15:40:24 BST 2007

Anne Wilson wrote:
> :-) They'll need a bit more info than that to get anywhere :-) Actually, one
> of the things I like about A & L is that phishing is harder than on many
> other banking sites. During the login you are presented with a screen that
> contains a picture chosen by them and a phrase chosen by you. It would be
> impossible for phishers to guess those. Of course, if idiots ignore safety
> procedures there's not much you can do to safeguard them.

That doesn't stop machine-in-the-middle attacks, though, does it. (I always
figured that was the way to go, and was quite surprised to see that it took
until last year for Citibank accounts to be broken that way.)

How many people /really/ check for the "padlock" on their banking website AND
that they haven't mistyped the URL (hsbc vs hbsc for example)? Especially as
some of these banks force users to access their accounts via a separate window
that hides the address bar (and hence one can't see the httpS prefix). Hello
HSBC if you're listening.

Chris