What you are (biometrics)
What you know (Password)
What you have (a key)
This has to go both ways. You both have to have verification that you
are who you are, that you both know the same things and that your key is
unique to a unique lock. False security on any vector makes it easier to
break the rest, whether through old fashioned social engineering or
stolen cycles on a mainframe cracking keys.
All are equally important and vulnerable. At least use a unique and hard
to crack password, it's the only part end users directly control.
Any suggestion that -simply- having a good password is fine is just
silly and wasn't my intention. If the bank cares so little they won't
spend a tiny fraction of their profit on a good, well designed
authentication scheme... go to another bank.
On 11/01/2012 05:40 PM,
Sav...@gmail.com wrote:
> Type it in blind; that would be difficult.
>
> ;)
>
> Glen Victor
>
> Sent from my HTC on the Now Network from Sprint!
>
> ----- Reply message -----
> From: "Michael Peppard" <
mpep...@impole.com>
> Date: Thu, Nov 1, 2012 16:36
> Subject: Bank Of Montreal Online Security
> To: <
securit...@securityfocus.com>
>
> Take 'old o' the Wings o' the Mornin', An' flop round the earth till
> you're dead
>
> Good luck cracking that password. Kipling's Widow at Windsor for those
> that don't recognize it.
>
> >> Subject: RE: Bank Of Montreal Online Security
> >>
> >> Also substituting letters with symbols will help, for example:
> >>> And then william sayed:"I really hate cake!"
> >> Change the 'a' to @ and 's' to $
> >>> And then willi@m $ayed:"I really hate cake!"
> >
> > Guys, excuse me, but you are tricking yourself.
> > Hackers know all this and much more, when cracks your passwords.
> >
> >>
> ------------------------------------------------------------------------
> >> Securing Apache Web Server with thawte Digital Certificate
> >> In this guide we examine the importance of Apache-SSL and who needs
> >> an SSL certificate. We look at how SSL works, how it benefits your
> >> company and how your customers can tell if a site is secure. You will
> >> find out how to test, purchase, install and use a thawte Digital
> >> Certificate on your Apache web server. Throughout, best practices for
> >> set-up are highlighted to help you ensure efficient ongoing
> >> management of your encryption keys and digital certificates.
> >>
> >>
>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>
> >>
> >>
> ------------------------------------------------------------------------
> >>
> >>
> ------------------------------------------------------------------------
> >> Securing Apache Web Server with thawte Digital Certificate
> >> In this guide we examine the importance of Apache-SSL and who needs
> >> an SSL certificate. We look at how SSL works, how it benefits your
> >> company and how your customers can tell if a site is secure. You will
> >> find out how to test, purchase, install and use a thawte Digital
> >> Certificate on your Apache web server. Throughout, best practices for
> >> set-up are highlighted to help you ensure efficient ongoing
> >> management of your encryption keys and digital certificates.
> >>
> >>
>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>
> >>
> >>
> ------------------------------------------------------------------------
> >>
> >>
> >
> >
> > ---
> > Alexander A. Kelner
> > Senior engineer
> > CT Network Operation Center
> > RosTelecom - Bryansk
> >