* Levi Pearson [Wed, 14 Mar 2007 at 11:22 -0600] <quote>
> Topher Fischer <[EMAIL PROTECTED]> writes:
> > Since I've started working on this, I haven't used a login form that
> > wasn't given to me over SSL. Luckily, everything I use has some sort of
> > secure login form somewhere on their site. I've tried to find one for
> > Zion's bank, and haven't been able to. Fortunately, I don't bank with them.
>
> Zion's Bank uses one of those new-fangled multi-step logins. You
> enter your user id on the front page, and then you are shown a picture
> and asked a question (over a ssl connection) or, if you've previously
> done this step and got a cookie, you're shown a picture and asked to
> enter your password. Since only the user id is entered into the form
> in the non-ssl page, it should be safe from your particular attack.
>
> --Levi

Unfortunately, with Zions, at least as far as I've seen, the "username" that they use is your SSN. On top of that, what I really don't get is why if you try to put https in front of the home page it just fails to load at all. I called once about this but lost patience when the bonehead on the phone just insisted that "the password page is secure". Oh well.

Von Fugal

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
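
An added example, not part of the original thread: a small Python check for the situation discussed above, where a form is served on a non-SSL page but submits over SSL. It reports which fields each form collects and whether the page and the submit target use HTTPS; the URL, the HTML and the field name `userid` are constructed samples, not taken from any real site.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAuditor(HTMLParser):
    """Collect each <form> with its action and the user-facing inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            kind = (a.get("type") or "text").lower()
            # Skip controls the user does not type into.
            if kind not in ("submit", "button", "image", "reset", "hidden"):
                self._open["fields"].append((a.get("name") or "", kind))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(page_url, html):
    """Return one finding per form that collects user input."""
    parser = FormAuditor()
    parser.feed(html)
    page_tls = urlparse(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        if not form["fields"]:
            continue
        # An empty or relative action resolves against the page URL.
        target = urljoin(page_url, form["action"])
        findings.append({
            "fields": [name for name, _ in form["fields"]],
            "has_password": any(k == "password" for _, k in form["fields"]),
            "page_over_tls": page_tls,
            "submit_over_tls": urlparse(target).scheme == "https",
        })
    return findings

# Constructed sample: a front page served over HTTP whose form posts to HTTPS.
SAMPLE_URL = "http://bank.example/"
SAMPLE_HTML = """<form action="https://secure.bank.example/login" method="post">
  <input type="text" name="userid"><input type="submit" value="Go"></form>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

A finding with `page_over_tls` false deserves review even when `submit_over_tls` is true and no password field is present, because the form markup arrived unauthenticated and the field it collects may itself be sensitive.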