funsec mailing list archives
The end of Phishing in sight?
From: Gary Warner <gar () askgar com>
Date: Tue, 18 Oct 2005 14:12:18 -0500
This whole thread rather loses the point that carrying an RSA token for banking purposes is going to be a HUGE burden on the end-users, that they will probably not go along with. At my employer, we grant "email only" access on a password, and "full network" access (really only those portions published in their Citrix neighborhood) to people who use the RSA token. We have 1300 users, and have given out less than 100 tokens. Most of them we have given out are either not used, or actually RETURNED. Of the few that use them, a goodly number have had to get replacements, as they lose the token. Or they call on the weekend because they want something on the network but their token is at work, and what should they do?
The whole thing rather surprised me, as in other industries where I have worked you had to have your token with you to log in to your own PC even at work! I guess its a "corporate culture". The problem is "what is the corporate culture of a home banking customer"?
My guess is banks that force the issue will see a great customer migration. Certain security-minded customers flocking to them, and probably 3x as many convenience-minded customers fleeing them.
_-_gar (who admittedly hasn't read the whole thread yet, and may be repeating something someone else said.)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: The end of Phishing in sight?, (continued)
- Re: The end of Phishing in sight? Mark C (Oct 17)
- Re: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- Re: The end of Phishing in sight? Mark C (Oct 17)
- RE: Re[4]: The end of Phishing in sight? Marius Gheorghescu (Oct 17)
- Re: Re[4]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- Re: The end of Phishing in sight? Security Lists (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- The end of Phishing in sight? Gary Warner (Oct 18)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Jeff Rosowski (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- Re: The end of Phishing in sight? Tom Van Vleck (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
(Thread continues...)