On Tue, 23 Jan 2007 11:16:57 +1100 Alex Samad <[EMAIL PROTECTED]> wrote:
> On Mon, Jan 22, 2007 at 11:21:29PM +0000, Rev Simon Rumble wrote:
> >
> > A really simple two-factor authentication is for them to sms a
> > single-use token to your mobile phone. This solves the "something
> > you have + something you know" problem. Yes, if someone robs you
> > AND somehow gets your password, you're stuffed. But that's less
> > likely than being keylogged by crapware, which is really the
> > problem they're trying to solve.

Actually, if someone robs you and gets your password, you are largely
protected by the current EFT Code of Conduct. The Banking Ombudsman has
decided that robbery and trickery do not amount to voluntary disclosure
of your password.

>
> NAB does the sms thingy as well

It certainly is an improvement over what they did before (nothing).
However, Bruce Schneier has argued that two factor authorisation is
already too late since the bad guys are moving to "man in the middle"
attacks.

My own view on all of this is that the banks can do whatever they want
so long as they wear the losses. They have an immense free resource in
customers' PCs. My objection is that having chosen to make use of this
free resource, the proposal before ASIC is an attempt to shift even the
hidden costs to the consumer.

Alan

> >
> > --
> > Rev Simon Rumble <[EMAIL PROTECTED]>
> > www.rumble.net
> >
> > "Women who seek to be equal with men lack ambition."
> > - Timothy Leary
> > --
> > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>

--
Alan L Tyree http://www2.austlii.edu.au/~alan
Tel: +61 2 4782 2670 Mobile: +61 427 486 206
Fax: +61 2 4782 7092 FWD: 615662
