Comment Does not fix phishing. (Score 1) 228
All this is good but it does not fix the biggest problem with phishing: The user cannot trust the website they are visiting.
A better solution would be an "I tell you, then you tell me".
- The user visits a site (even if clicked from an e-mail)
- The bank's site presents the expected current number on the keyfob (maybe also the previous and next ones, to accommodate for time drift)
- If the number presented matches, then the user enters the password with the next number on the keyfob.
The process would take about 1 minute (just the time to wait for the next number sequence).
The user would know that the site is real and the bank would know that the user is valid.
No more fraud.
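The exchange described in the comment above, written out as an added example that is not part of the original comment. It covers the core case where the site presents only the current number (the optional previous/next drift window is left out), and it assumes a 60-second, 6-digit keyfob using RFC 4226 HMAC truncation; the `Bank` class, `user_session` and all other names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # assumption: the keyfob shows a new number every 60 seconds
DIGITS = 6   # assumption: 6-digit numbers


def fob_code(secret: bytes, counter: int) -> str:
    """Number for one time step, using RFC 4226 HMAC truncation (assumed)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Bank:
    def __init__(self, secret: bytes, password: str):
        # Demo only: a real service would hold a password hash, not the password.
        self.secret, self.password = secret, password.encode()
        self.used = set()  # time steps already accepted, to refuse replays

    def present(self, now: int):
        """Step 2: show the number the keyfob should display right now."""
        shown = now // STEP
        return shown, fob_code(self.secret, shown)

    def login(self, shown: int, password: str, number: str) -> bool:
        """Step 3: accept the password with the number after the one shown."""
        nxt = shown + 1
        pw_ok = hmac.compare_digest(password.encode(), self.password)
        num_ok = hmac.compare_digest(number, fob_code(self.secret, nxt))
        if not (pw_ok and num_ok) or nxt in self.used:
            return False
        self.used.add(nxt)  # each number is good for one login only
        return True


def user_session(bank: Bank, fob_secret: bytes, password: str, now: int) -> bool:
    """User side: compare the site's number to the keyfob, then send the next."""
    shown, site_number = bank.present(now)
    if not hmac.compare_digest(site_number, fob_code(fob_secret, now // STEP)):
        return False  # numbers differ: stop here, nothing is sent to the site
    next_number = fob_code(fob_secret, (now + STEP) // STEP)  # after the wait
    return bank.login(shown, password, next_number)
```

The bank accepts only the number for the time step after the one it displayed, so a number it has already shown on the page is never valid as a login.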