[thelist] High Security Password

Ken Schaefer Ken at adOpenStatic.com
Thu Dec 6 09:06:51 CST 2007

Erm, if someone has installed a keylogger on your machine, then what you send back to their server, is still whatever your PIN/password is.

I'm not saying that what has been implemented isn't more secure than what was there previously (one of my banks has had a similar scheme since 2004), but you need to go back to security fundamentals to work out whether this is more secure or not).


-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Fred Jones
Sent: Friday, 7 December 2007 1:03 AM
To: Thelist
Subject: [thelist] High Security Password

My new bank allowed me to choose an 8 digit numeric password. Each time
I login, they present me with a keypad and on each key is a letter. I
can either click on the numbers with the mouse or type the letters with
the keyboard to enter my password. But since the keypad (a graphic of
course) numbers are different each time, my password is unique each time.

A bit slower to login, but seems quite secure. :)


More information about the thelist mailing list