Thursday, July 14, 2005

Banks go simple on security

#109 Stung by recent high-profile security breaches, Bank of America Corp. is rolling out a new online banking security system called SiteKey, aimed at making it harder for cyberthieves to crack customer accounts - and by the looks of things they have gone the simpler is better route.

I couldn't agree more - ordinary consumers couldn't be fussed with complicated security and carrying dongles and tokens about with them that the dog chews or falls into the swimming pool. So now here is an example of what I call "human friendly" security.

Instead of the traditional user name-password setup, the banks' users select one of a thousand different images, write a brief phrase and pick three challenge questions. The challenge questions - all things that only the customer would be able to provide, such as the year and model of their first car - are then used along with a customer ID and a passcode to guard access to the account. Now heres the bit that I really like - the system also allows customers to verify that they are indeed at Bank of America's Web site when they log on for online banking. By clicking on a SiteKey button, they can see the secret image they selected and their phrase; if those things don't appear, they could be at a spoof Web site or the target of a "phishing" scheme. So the Bank is sure its the real user and the user is sure its the real bank. Neat.
Rate this post: (Provided by NewsGator)


Post a Comment

Links to this post:

Create a Link

<< Home