funsec mailing list archives

RE: The end of Phishing in sight?


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 18 Oct 2005 16:10:23 -0400

People seem to accept using tokens at ATMs just fine to get to their money.
Why not for their online bank accounts?  (A better form factor might be a
thick credit card, rather than a key fob.)  The bigger problem is that these
fobs only marginally increase security over PINs and passwords.

Richard 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Gary Warner
Sent: Tuesday, October 18, 2005 3:12 PM
To: funsec () linuxbox org
Subject: [funsec] The end of Phishing in sight?

This whole thread rather loses the point that carrying an RSA token for
banking purposes is going to be a HUGE burden on the end-users, that they
will probably not go along with.  At my employer, we grant "email only"
access on a password, and "full network" access (really only those portions
published in their Citrix neighborhood) to people who use the RSA token.  We
have 1300 users, and have given out less than 100 tokens.  Most of them we
have given out are either not used, or actually RETURNED.  Of the few that
use them, a goodly number have had to get replacements, as they lose the
token.  Or they call on the weekend because they want something on the
network but their token is at work, and what should they do?

The whole thing rather surprised me, as in other industries where I have
worked you had to have your token with you to log in to your own PC even at
work!  I guess it's a "corporate culture".  The problem is "what is the
corporate culture of a home banking customer"?

My guess is banks that force the issue will see a great customer migration.
Certain security-minded customers flocking to them, and probably 3x as many
convenience-minded customers fleeing them.

_-_
gar  (who admittedly hasn't read the whole thread yet, and may be repeating
something someone else said.)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.