Submission: Enhanced login
140Mandak262Jamuna writes: Most banking, mutual fund, and brokerage sites use very simple username+password screens to log in. They are vulnerable to phish attacks, key logging, etc. Recently Vanguard introduced its enhanced login screen. Basically you select a special "security image" from a list of 100 such images. Then every time you log in, before prompting for the password, this image is shown. Thus it offers some protection against mass-mailed phish attacks.
I was wondering what other simple things they can do to improve the security of the login process. I think they should allow me to customize my login screen. Type in the user name and they should take me to a page I had previously customized, with my own background colors, fonts, and images uploaded by me. They should also show the last two successful login dates/times, the last two failed logins with timestamps, etc.
What else could they do? Could they tracert my IP address and refuse login if any of the hops go outside USA? But none of these will protect against keystroke loggers. What to do about them? Can we really hold the bank site responsible if the dumb user's computer gets hacked and keystroke loggers are installed? Or if they use unencrypted wifi connections to log in and get snooped on?
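The image-before-password step described in the submission, sketched server-side as an added example; it is not part of the original post and not Vanguard's code. The names `ENROLLED`, `DECOY_KEY` and `image_for_login` are hypothetical, and the decoy image for unknown usernames is an assumption of this sketch (without it, the image step would tell anyone which usernames exist).

```python
import hashlib
import hmac

IMAGE_COUNT = 100  # the post says the image is picked from a list of 100

# Constructed sample data: username -> index of the image the user chose.
ENROLLED = {"alice": 42, "bob": 7}

# Assumption: a server-side secret so clients cannot predict decoy images.
DECOY_KEY = b"constructed-demo-key-not-for-production"


def decoy_image(username: str) -> int:
    """Stable pseudo-random image index for a username that is not enrolled."""
    digest = hmac.new(
        DECOY_KEY, username.lower().encode("utf-8"), hashlib.sha256
    ).digest()
    return int.from_bytes(digest[:8], "big") % IMAGE_COUNT


def image_for_login(username: str) -> int:
    """Step 1 of the two-step login: image shown before the password prompt."""
    chosen = ENROLLED.get(username.lower())
    if chosen is not None:
        return chosen
    # Unknown name: respond exactly as for a real account. A missing image or
    # one that changes between requests would reveal that the account does
    # not exist.
    return decoy_image(username)


if __name__ == "__main__":
    for name in ("alice", "Bob", "mallory", "mallory"):
        print(f"{name!r}: show image #{image_for_login(name)}")
```

The image only helps the user recognise the real site; the password check still has to follow on the next step, and a phishing page that relays the username to the real site can fetch the same image.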