[17296] in cryptography@c2.net mail archive
Re: Citibank discloses private information to improve security
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue May 31 16:12:20 2005
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Adam Fields <cryptography23094893@aquick.org>,
    "James A. Donald" <jamesd@echeque.com>,
    "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: Your message of "Tue, 31 May 2005 13:23:34 MDT."
    <429CB9B6.2060001@garlic.com>
Date: Tue, 31 May 2005 16:06:38 -0400

Bank of America is adopting some new schemes that might help. First,
they're asking users to select a picture the user selected at
registration time. The theory is presumably that a phishing site won't
have the right image for you. Second, you can "register" your
computer; if your account is accessed from another computer, additional
authentication is demanded, thus rendering a compromised password much
less useful.

I think both schemes will help; I doubt that either will stop the
problems.

http://www.bankofamerica.com/newsroom/press/press.cfm?PressID=press.20050526.03.htm

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb