[148647] in cryptography@c2.net mail archive


Re: [Cryptography] HSBC's Password Approach: Impressive

daemon@ATHENA.MIT.EDU (grarpamp)
Mon Dec 23 18:42:44 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52B86C32.3070600@borg.org>
Date: Mon, 23 Dec 2013 18:35:42 -0500
From: grarpamp <grarpamp@gmail.com>
To: cryptography@metzdowd.com
Cc: cypherpunks@cpunks.org
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

> They are being pretty clever to make up for terrible endpoint security.

Yeah, all that might work for non brick and mortar stuff you maybe care about,
say email [1], and your fave pornsite. But really... you need to be able to
demand a hardware OTP token from your bank and brokerage... plenty of
cheap open hw exists for that, not RSA, ahem. Any B&M's that don't offer hw
are just using 'clever' obfuscation or cost reduction around the issue of real
security. But since they already cost reduced that nice 4-7% interest they
used to pay you, don't expect this anytime soon. Unless they figure with
real security they could then twist responsibility for that account wiping
transaction to Uganda... on you.

[1] Outlook.com uses that stupid 'no cut/paste' thing, worthless and
annoying as fuck for those of us who use real password safes with
real random unmemorizable passwords.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
