Friday, December 24, 2004
ID device for online security
CNet's News.com reports that starting from early 2005 some banks are going to start issuing small ID devices that let users identify themselves when they log onto the bank's website.
The users can still be tricked into revealing their username, password and the number from the device via phishing. I dont see how this solution solves the ever growing problem of phishing. I guess, the banks decided to tackle the issue of password or account hijacking. But they need to consider other security compromise scenarios as well.
The devices, which are handheld and small enough to attach to a keychain, are expected to cost customers roughly $10. They display a six-digit number that changes once a minute; people seeking access to their accounts would type in that number as well as a user name and password. The devices are freestanding; they do not plug into a computer.
The users can still be tricked into revealing their username, password and the number from the device via phishing. I dont see how this solution solves the ever growing problem of phishing. I guess, the banks decided to tackle the issue of password or account hijacking. But they need to consider other security compromise scenarios as well.
Copyright Anand Jain 2004, 2005. All rights
reserved.
Webmaster
