I hadn't really taken a look at personal certificates until this thread came up. It looks like thawte is offering personal certificates at no charge.
http://www.thawte.com/getinfo/products/personal/contents.html This would make it a more likely method since lots of site traffic wouldn't want to pay and people tyring out the service wouldn't be forced to pay just to login. When you say plug-in token are you talking about a browser plug-in? Aaron Johnson More Resources for PKI, CA, etc. http://ospkibook.sourceforge.net/docs/OSPKI-2.4.6/OSPKI/impl-mozilla.htm http://www.openca.org/ http://www.pki-page.org/ Gunther Birznieks wrote: > > > > >Of course, the best authentication system for banking I've seen is > >from UBS. They send you a scratchlist of around 100 numbers. Every > >time you login you use one of the numbers and cross it off. Very > >slick. > > Does that really work in practice? That sounds really annoying. Is this for > business banking or for retail? How do they get the next 100 numbers to the > user? Do they mail it out when they've used 90? > > It sounds like it would be less annoying to use certificates and some > plug-in token there is going to be that much extra work to deal with a > password sheet.