North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: User negligence?

  • From: Sean Donelan
  • Date: Sun Jul 27 04:35:07 2003

On Sun, 27 Jul 2003, [iso-8859-1] Kandra Nygårds wrote:
> Banks use passwords for authentication? That's what scares me.
> Personally, I find it terrifying that banks allow such weak authentication
> as a password for financial transactions. To the best of my knowledge, all
> banks around here use a smartcard based system. It might be a bit more
> inconvenient, but the added security makes it well worth it, in my opinion.

Smartcard has become a marketing buzzword, and its difficult to figure out
what people are actually refering too.

In the US, almost no consumer computers include smartcard readers.
Companies like American Express do issue "smartcards", but their use
as smartcards in the US is extremely rare.  Even minimal things like the
Verified by VISA program have gained little consumer acceptance.  Big
projects like Secure Electronic Transaction (SET) failed.

Banks in the US offer one-time-password systems to their corporate
customers.  I'm aware of one bank which offered OTP to consumers, but
signed up less than a dozen customers in three years.

SSL is the most successfull "security" feature implemented on the

How many consumer ISP's offer OTPs to their ordinary customers (not
employees, not special government or corporate contracts)?