Australian Telcos Declare SMS Unsafe For Bank Transactions

  • by dgatwood (11270) on Thursday November 08, 2012 @06:01PM (#41925713) Journal

    something you know, something you have, and something you are

    The problem is that superficially, a phone looks like a great second factor. You know your password, and you have your phone. Unfortunately, in practice, it is not a second factor at all because the phone is a party to the communication of the first factor (password/PIN), so compromising the phone compromises a second factor implicitly. Fundamentally, no phone can ever be a second factor for authentication purposes, period, so long as it is possible to enter your password or PIN through that phone.

    The ability to clone phones is just the icing on the cake. It's the beach ball floating through the gaping hole that nobody noticed previously that calls attention to the flaw in the minds of people who were otherwise not sufficiently security-minded to see it.

  • Re:Not surprised... (Score:5, Informative)

    by norpy (1277318) on Thursday November 08, 2012 @06:38PM (#41926133)

    They also seem to think that inputting your password with an on-screen HTML keyboard using your mouse will provide *ANY* extra security.

    The one thing that I'm happy about is that, unlike Commonwealth Bank, they are not integrating Facebook with their online banking system.
    Just let that one sink in a little bit... integrating Facebook with your online banking.

