Comment: Re: Transactions need 3 elements to be safe... (Score 1)
I trust my mobile phone as much as I trust a SecurID token; I would certainly realise if it went missing a lot sooner.
I think there was an article on here a while back about people being able to hijack phone numbers, so it's not perfect, but it does allow a convenient and cheap way to handle 2-factor authentication and transaction signing.
I use this on one of my accounts:
1. I enter my online banking ID and password and click next.
2. A 6-digit code is sent to me via SMS with the phone I registered for the service; the SMS includes the time of my last login.
3. I enter the code and click next.
I'm then able to browse my bank statements. If I want to make a payment, an SMS is sent to me with:
1. The amount
2. The IBAN
3. A new code.
I have to enter the code to complete the payment. Obviously the code that is sent to me changes every time and is valid only for a short period.
To compromise my account, an attacker would have to get my login ID, password and corresponding phone number; they'd also have to have a way of intercepting my SMS without me knowing. I think the level of security offered is enough to convince an attacker to try a different bank.
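The payment step described in the comment above, sketched from the bank's side as an added example that is not part of the original comment and not any bank's actual code. The class name, the 120-second lifetime, the burn-on-any-attempt rule and the sample IBAN are assumptions; the comment only says the code changes every time and is valid for a short period.

```python
import hmac
import secrets
import time

CODE_TTL = 120  # seconds; assumed value, the comment only says "a short period"


class PaymentSigner:
    """Server side of the SMS step: one code per payment, single use, short-lived."""

    def __init__(self, clock=time.time):
        self._clock = clock    # injectable so expiry can be exercised without sleeping
        self._pending = {}     # session id -> (code, amount, iban, expiry)

    def start_payment(self, session_id, amount, iban):
        """Store the payment and return (code, SMS text).

        The SMS repeats the amount and IBAN the server has stored, so the
        customer approves what will be executed, not what the browser shows.
        A new request for the same session replaces the previous one.
        """
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from the OS CSPRNG
        self._pending[session_id] = (code, amount, iban, self._clock() + CODE_TTL)
        return code, f"Payment {amount} to {iban}. Code: {code}"

    def confirm(self, session_id, submitted_code):
        """Return the stored (amount, iban) to execute, or None on failure.

        The pending entry is removed on every attempt (assumed policy), so a
        code cannot be replayed and a wrong guess forces a fresh SMS.
        """
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return None
        code, amount, iban, expiry = entry
        if self._clock() > expiry:
            return None
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(code.encode(), submitted_code.encode()):
            return None
        return amount, iban


if __name__ == "__main__":
    signer = PaymentSigner()
    # Constructed sample payment; the IBAN is a placeholder, not a real account.
    code, sms = signer.start_payment("session-1", "250.00 EUR", "XX00 0000 0000 0000")
    print(sms)
    print(signer.confirm("session-1", code))  # stored payment details
    print(signer.confirm("session-1", code))  # None: code already used
```

Because `confirm` returns the stored payment rather than accepting amount and IBAN again from the client, a correct code can only ever release the payment that was shown in the SMS.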