On Sun, 27 Jul 2003, [iso-8859-1] Kandra Nyg�rds wrote:
Banks use passwords for authentication? That's what scares me.
Personally, I find it terrifying that banks allow such weak authentication as a password for financial transactions. To the best of my knowledge, all banks around here use a smartcard based system. It might be a bit more inconvenient, but the added security makes it well worth it, in my opinion.
Smartcard has become a marketing buzzword, and its difficult to figure out what people are actually refering too. In the US, almost no consumer computers include smartcard readers. Companies like American Express do issue "smartcards", but their use as smartcards in the US is extremely rare. Even minimal things like the Verified by VISA program have gained little consumer acceptance. Big projects like Secure Electronic Transaction (SET) failed. Banks in the US offer one-time-password systems to their corporate customers. I'm aware of one bank which offered OTP to consumers, but signed up less than a dozen customers in three years. SSL is the most successfull "security" feature implemented on the Internet. How many consumer ISP's offer OTPs to their ordinary customers (not employees, not special government or corporate contracts)?