|
 |
clipka <ano### [at] anonymous org> wrote:
> Am 25.12.2013 13:39, schrieb Warp:
> > clipka <ano### [at] anonymousorg> wrote:
> >> What bank uses a sheet of single-use codes and thinks that it's safe?
> >
> > Well, much safer than a fixed password.
> >
> > You can't do anything with the sheet alone if you don't have the user's ID.
> > Granted, it's not impossible to acquire both, but if you don't store your
> > ID anywhere and instead have it memorized, it becomes difficult. (Basically
> > they would need to install some spyware in the computer you are using in
> > order to get the ID, and then physically steal the passcode sheet. Not
> > impossible, but not likely to happen.)
> Just two words:
> (1) Phising.
> (2) Man-in-the-middle attack.
Does not help to get the physical code sheet.
> (A) Each time you submit a transaction via browser, you get a
> transaction-specific authorization code via SMS to your mobile phone,
> including some essentials of the transaction (like the amount of money
> transferred, and the target bank account) to make sure that you and the
> bank are talking about the same deal.
I suppose SMS verification would add an additional layer of security.
> (B) You get a code generator from your bank. Typically this would be a
> combination of a bank card with a built-in chip, plus a card reader with
> a built-in display to make sure that the code is generated from the
> transaction details you desire.
How exactly is this different from a sheet of one-use codes?
(Except, you know, the obvious: That method requires you to connect
a special device and software to your computer and configure it
appropriately.)
--
- Warp
Post a reply to this message
|
|
