
By Will Sturgeon
Published: Wednesday 12 January 2005
Name: nick coster
Location: Australia
Occupation: product development manager
Comment:
Although I agree that this is a good step, it makes the believability of a potential con stronger.
Let's say my bank password is "rabbit" and the bank calls me or I call the bank.
First the bank needs to ensure that they have the right customer, at least to a first level of authentication, so I provide them with my username or account number.
Now they tell me my secret password - "rabbit". So far so good....
Except I am actually a fraudster phishing the bank. Now I have the customer's secret bank password. I can hang up and proceed with cold calling this unlucky customer and use the "secret" bank password to gain the customer's trust. Now I just ask for all of the answers to all of the other identification questions that will allow me to steal the identity of the customer. <Dr Evil laughter>
The point here really is that a static password can be defeated quite easily in this manner. What is really needed is some way of sharing a pass code that is available and useful only to the bank and the customer and cannot be replayed more than once. This is a harder problem to solve.
I am a big supporter of adding simple methods of raising the security bar; however, customers must understand that it is only an incremental increase and should remain on their guard.
--nick c
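
The replay property the comment above asks for, sketched as an added example that is not part of the original comment or of any bank's scheme: a counter-based one-time code (HOTP, RFC 4226) checked on the customer's side, next to the static word. The class and function names, the three-code window and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class CustomerToken:
    """Customer-side check of a code the caller reads out (hypothetical name)."""

    def __init__(self, key: bytes, window: int = 3):
        self.key = key
        self.next_counter = 0   # lowest counter value not yet used
        self.window = window    # how many skipped codes are tolerated

    def verify(self, spoken_code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            if hmac.compare_digest(hotp(self.key, c), spoken_code):
                self.next_counter = c + 1   # burn this code and all earlier ones
                return True
        return False

def static_check(stored: str, spoken: str) -> bool:
    """The static scheme from the comment: the same word is valid on every call."""
    return hmac.compare_digest(stored, spoken)

def demo() -> dict:
    key = b"12345678901234567890"      # constructed sample key (RFC 4226 test key)
    token = CustomerToken(key)
    bank_code = hotp(key, 0)           # read out on the genuine call
    return {
        "code": bank_code,
        "genuine_call": token.verify(bank_code),
        "replayed_call": token.verify(bank_code),            # same code, later call
        "static_replay": static_check("rabbit", "rabbit"),   # still accepted
    }

if __name__ == "__main__":
    print(demo())
```

A code that has been disclosed but not yet presented to the customer is still live, so this narrows the replay window rather than closing it; the bank would also have to restrict when it releases a code.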