Corporate public key?

Neil Williams linux@codehelp.co.uk
Tue Jul 8 23:43:02 2003


On Tuesday 08 Jul 2003 9:35 pm, Johan Wevers wrote:
> I don't know how internet banking is done where you live. I have seen
> banking systems for 3 banks here.

The UK online banks are nothing like as thorough. I use Halifax and Egg.
Halifax relies on a rotation of questions - so you enter the username,
password and the answer to one of so many questions as set up when the
online access was started. You can change those at any time but unless you
get the login wrong and your account becomes suspended, you are not forced
to change them at all.
Egg adds three select boxes to enter your date of birth and similar
rotational questions from a fixed list.

If you fail the initial login on either site, there is a reserve question
that you design and set the answer.

It seems that both sites are primarily designed to hinder automated attacks
by using rotational questions. I don't see the date of birth at Egg as much
use - OK, it's an extra fact that someone has to know but the extra hassle
of selecting the day from a list of 1-31 and then the month 1-12 and then
the year (goes back all the way to 1930-something I think) is quite tedious
and doesn't prevent spoofed HTML form attacks.

Hence the interest in ING / GnuPG. It would be far better than the existing
systems. My first username with one bank was too similar to someone else and
for a while, each time I went to login, MY account had been suspended
because the other user had got their details wrong! I had to change my
username to make it more distinct. Some sites don't allow changes of
username, only the password and questions.

The Inland Revenue must be the worst. They assign the username and password
and then entirely rely on those two strings. You can apply for them to be
changed but you don't get any say in what you end up using.


-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/

