One of the arguments in favor of a special treatment for the EV certification has been that of prevention of phishing, which I cited as a poor excuse! I also claim(ed) that the various operators of these web sites have the solution to this problem at their fingertips and that the browsers of today provide enough capabilities for the implementation of better security and prevention of phishing attacks. Dan Goodin seems to confirm at least partly exactly this in an article at The Register about the RSA security conference:

/Bank of America - which like the rest of its financial-services brethren offers only *single-factor authentication* - would rather be elsewhere proclaiming the convenience of online banking and leave the security outreach to the vendors. This arrangement - in which consumers rely more and more on products and infrastructure that treat security as an out-sourced afterthought - is well and good for the service providers and the security vendors, but it does little for the herd of everyday users who can't resist the siren's call to join the online revolution./

A good read and interesting article anyway: http://www.theregister.com/2007/02/09/rsa_fear/

--
Regards

Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
