[153626] in North American Network Operators' Group
Re: Dear Linkedin,
daemon@ATHENA.MIT.EDU (Hal Murray)
Sat Jun 9 00:43:12 2012
To: nanog@nanog.org
From: Hal Murray <hmurray@megapathdsl.net>
Date: Fri, 08 Jun 2012 21:42:59 -0700
Cc: Hal Murray <hmurray@megapathdsl.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>> Does your bank request/require that you change the PIN
>> on your ATM card every few months?
> ATM cards are not passwords, they are a coarse form of two-factor
> authentication - You have the card, you have the PIN.
> You have to possess both in order to transact - at least in in theory.
> Compare that with the secrecy surrounding the CVV - the "last three digits
> on the number on the back of the card" which you are "not meant to tell
> anyone" and which _will_ be different if your card is lost/stolen and
> reissued.
If I'm not supposed to not "tell anyone", why is it even printed where I can
read it?
----
[Context is only having so-many brain cycles to memorize passwords.]
> It's harder as we get old. Use technology to aid with the heavy lifting. :-)
Right. But the meta problem is figuring out which technology to trust.
Phishing is the tip of the iceberg on social engineering. So far, the bad
guys are winning.
--
These are my opinions. I hate spam.
