blueblood
Well-known member
- Joined: Mar 16, 2005
- Posts: 1,082
We had a topic that got off on the efficacy of SSL, etc. This is different but in the same vein, i.e. on-line banking security. The Fed is worried about the vulnerability of on-line banking, with particular focus on single-layer access, i.e. username/password, and thus its openness to phishing, etc. They are in the process of, or have completed, a directive that is going to require banks to go deeper. Most banks are begrudgingly moving forward, arguing that they need to be able to develop user-friendly solutions, etc. I thought I might talk about one that already exists at Bank of America On-Line.
BA has purchased and deployed a technology called SiteKey. One signs up for SiteKey, which includes picking an image and providing answers to three questions. You are presented an image at random during the sign-up process but can pick any other one from a fairly wide selection. It just needs to be one you can remember/recognize each time you sign into BA On-Line. The three questions are similar, i.e. you can pick from a selection of questions in each of three categories and provide answers you will be able to remember if asked.
The sign-on to BA On-Line is fairly painless. You are presented the same opening screen as before, i.e. the one that is vulnerable to phishing. You enter your username as usual but not your passcode. Instead you click on "use SiteKey to sign in" and it presents a new screen that contains the image you selected when signing up for the service. If it's right, you enter your passcode and proceed as normal. If you have changed computers from the one you signed on to the program with, or make an improper entry, you trigger the questions. Answer the question/s asked properly and you proceed normally. If you have changed computers and enter the proper question, it will ask if you use this computer often as well, and I assume a yes answer will add it as an approved alternate to your initial sign-on one.
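The sign-on sequence described in the post, modelled as a small server-side sketch. This is an added example, not part of the original post and not Bank of America's or SiteKey's code. The class and method names, the `device` identifier used to recognise a computer, and the hashing choices are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _digest(secret: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so stored passcodes/answers are not plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class SiteKeyStyleLogin:
    """Toy model of the flow in the post (hypothetical names, constructed data)."""

    def __init__(self):
        self.users = {}

    def enroll(self, user, passcode, image, answers, device):
        salt = secrets.token_bytes(16)
        self.users[user] = {
            "salt": salt,
            "passcode": _digest(passcode, salt),
            "image": image,
            # Answers are normalised so case or stray spaces do not lock the user out.
            "answers": {q: _digest(a.strip().lower(), salt) for q, a in answers.items()},
            "devices": {device},  # the computer used at sign-up
        }

    def start(self, user, device):
        """Step 1: username only. Recognised computer -> image, otherwise a question."""
        rec = self.users[user]
        if device in rec["devices"]:
            return ("image", rec["image"])
        return ("question", secrets.choice(sorted(rec["answers"])))

    def answer(self, user, device, question, reply, remember=False):
        """Step 2 on a new computer: only a correct answer reveals the image."""
        rec = self.users[user]
        expected = rec["answers"].get(question, b"")
        if not hmac.compare_digest(expected, _digest(reply.strip().lower(), rec["salt"])):
            return ("denied", None)
        if remember:  # "use this computer often?" -> yes (the post assumes this enrols it)
            rec["devices"].add(device)
        return ("image", rec["image"])

    def finish(self, user, passcode):
        """Step 3: the user has recognised the image and now submits the passcode."""
        rec = self.users[user]
        return hmac.compare_digest(rec["passcode"], _digest(passcode, rec["salt"]))
```

The ordering is the point of the scheme: the passcode is requested only after the site has shown the user's chosen image, and the image is shown only to a recognised computer or after a correct challenge answer.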