Court Rules Passwords+Secret Questions=Secure eBanking
An anonymous reader writes "A closely-watched court battle over how far commercial banks need to go to protect their customers from cyber theft is nearing an end. Experts said the decision recommended by a magistrate last week — if adopted by a US district court in Maine — will make it more difficult for other victim businesses to challenge the effectiveness of security measures employed by their banks. This case would be the first to add legal precedent to banking industry guidelines about what constitutes 'reasonable' security. The tentative decision is that a series of passwords + some device fingerprinting is enough to meet the definition of 'something you know' + 'something you have.' The case has generated enormous discussion over whether the industry's 'recommended' practices are anywhere near relevant to today's attacks, in which crooks usually have complete control over the victim's PC."
Re:This has a name (Score:4, Funny)
There's a name for this sort of security - "Wish it was two factor" [thedailywtf.com] security.
And now a judge is ruling that it's enough, along with a "device fingerprint" that can be trivially faked? That is complete bullshit.
Either nobody asked the experts or the judge didn't care. I hope he uses online banking and finds himself with a negative balance some day.
Re:One-time pads (Score:3, Funny)
Re:One-time pads (Score:5, Funny)
Maybe we can let the TSA take over computer security. You can have a couple of brawny perverts in front of every computer ready to cup your genitals before you go to pay some bills. Add in an X-ray machine to toast your testicles, and you're ready to go!
Re:One-time pads (Score:5, Funny)