Le blog de Keyvan Nilforoushan

Three myths about online security

Great post on Who has time for this about the risks associated with online banking. David Cowan dispels three myths about banking security:

“Myth 1: User education is the key to solving the phishing problem.

Myth 2: We need smart cards and biometrics instead of passwords.

Myth 3: Banks need to deploy strong authentication at the login so that only trusted individuals enter the bank.”

Two ideas ring especially true:

  • No matter how strong authentication is on the user side, the user will not be safe from a man-in-the-middle attack where the thief poses as the bank. The best way to solve this problem is to switch to two-channel authentication: web and a phone call, for instance.
  • There is no point in having the strongest possible authentication at the point of access: security measures should instead be escalated according to the transaction’s importance and behavioural profiling.
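To make these two ideas concrete, here is an added sketch (not code from this post or from David Cowan's) of a policy that escalates checks per transaction instead of at login. The thresholds, the scoring weights, and the names `risk_score`, `required_check` and `callback_prompt` are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

HIGH_VALUE = 1000.0   # assumed threshold for an "important" transaction
MIN_HISTORY = 3       # assumed minimum past payments needed for a profile


@dataclass
class Transaction:
    amount: float
    payee: str


def risk_score(tx, history):
    """Score one transaction against the customer's own past behaviour."""
    score = 0
    # Behavioural profiling: a payee this customer has never paid before.
    if tx.payee not in {h.payee for h in history}:
        score += 2
    amounts = [h.amount for h in history]
    if len(amounts) >= MIN_HISTORY:
        # Amount far above this customer's usual range (3 sigma, floor of 1.0).
        limit = mean(amounts) + 3 * max(pstdev(amounts), 1.0)
        if tx.amount > limit:
            score += 2
    else:
        score += 1  # too little history to trust the profile
    # Transaction importance, independent of the profile.
    if tx.amount >= HIGH_VALUE:
        score += 1
    return score


def required_check(tx, history):
    """Map the score to the weakest check that is still proportionate."""
    score = risk_score(tx, history)
    if score >= 3:
        return "phone_callback"   # second channel, outside the web session
    if score >= 1:
        return "web_reauth"
    return "none"


def callback_prompt(tx):
    """Text read out on the phone channel. Stating the payee and amount
    (an assumption of this sketch) lets the customer notice a transaction
    that was altered in the web channel."""
    return f"Confirm payment of {tx.amount:.2f} to {tx.payee}?"
```

With this shape, routine payments to known payees pass without friction, while the phone channel is reserved for the transactions where an impostor in the web session would do the most damage.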

My bank has just changed its identification procedures. Now, instead of typing my password, I have to click on an onscreen numeric keypad. I’m not sure I see the point (besides making the system inaccessible to vision-impaired people). I sure do feel the inconvenience, though…

