funsec mailing list archives

The end of Phishing in sight?


From: Gary Warner <gar () askgar com>
Date: Tue, 18 Oct 2005 14:12:18 -0500

This whole thread rather loses the point that carrying an RSA token for banking purposes is going to be a HUGE burden on the end-users, that they will probably not go along with. At my employer, we grant "email only" access on a password, and "full network" access (really only those portions published in their Citrix neighborhood) to people who use the RSA token. We have 1300 users, and have given out less than 100 tokens. Most of them we have given out are either not used, or actually RETURNED. Of the few that use them, a goodly number have had to get replacements, as they lose the token. Or they call on the weekend because they want something on the network but their token is at work, and what should they do?

The whole thing rather surprised me, as in other industries where I have worked you had to have your token with you to log in to your own PC even at work! I guess it's a "corporate culture". The problem is "what is the corporate culture of a home banking customer"?

My guess is banks that force the issue will see a great customer migration. Certain security-minded customers flocking to them, and probably 3x as many convenience-minded customers fleeing them.

_-_
gar (who admittedly hasn't read the whole thread yet, and may be repeating something someone else said.)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

