Comment Re:Bank transactions (Score 1) 360
I've seen several variants on banking security.
One bank had just a pin+username but you had to use it in conjunction with an installed certificate. If you were using a public computer you could download a one-use certificate by having a one-time code sent to you by SMS to your (pre-registered) cell phone. This means someone would have to, not only get hold of your pin+username but also your cellphone.
Another bank used a small device calculator-like which you were given when you opened an account and you could then use this to generate one-time codes (probably by hidden key technique). One would be needed to login to your account and to commit any transactions you would have to generate a new one-time code. This feels fairly safe, even in a public enviroment. As long as you have the code generator in your posession, you're "safe" (the code generating device asks for your pin to before allowing itself to be used).
Worst was a bank I shall not name which was just a username and a password over a standard SSL connection. Let's just say I never dared use that on a public computer!
One bank had just a pin+username but you had to use it in conjunction with an installed certificate. If you were using a public computer you could download a one-use certificate by having a one-time code sent to you by SMS to your (pre-registered) cell phone. This means someone would have to, not only get hold of your pin+username but also your cellphone.
Another bank used a small device calculator-like which you were given when you opened an account and you could then use this to generate one-time codes (probably by hidden key technique). One would be needed to login to your account and to commit any transactions you would have to generate a new one-time code. This feels fairly safe, even in a public enviroment. As long as you have the code generator in your posession, you're "safe" (the code generating device asks for your pin to before allowing itself to be used).
Worst was a bank I shall not name which was just a username and a password over a standard SSL connection. Let's just say I never dared use that on a public computer!
