Posted by:
admin
15 years, 12 months ago
First, what a great site. Clearly, these guys agree with my philosophy that if you're not having fun, the money probably isn't worth it:
We are not the folks who borrow your watch to tell you what time it is - instead, we simply peer over at your wrist when you're not looking.
We never use silly words like "paradigm" and "mission statement" - we prefer more pragmatic terms like "revolutionary mental model" and "envisioned future state."
The Gonzo Banking team suggests that banks are not doing enough to protect their customers:
B of A’s position was that their security had “done its job” and they could not be held responsible for their customer’s inability to adequately protect his computer and the information it contained. Banking customers across the country reacted negatively to the news that funds in their accounts were not being protected. “If I lose my checkbook, or have it stolen, my bank will stand behind me and protect my funds. Why doesn’t this apply to every method of accessing my accounts?”
They offer some strategies to minimize the risks involved in online banking:
These are noteworthy, but seem to be generated solely from a banker's risk management perspective. What about applying technology to solve some of these issues? As I have stated before, financial transactions can be validated or "signed" using a one-time password system. Perhaps there is a happy middle ground where riskier transactions require two-factor authentication, while low-risk repetitive transactions do not.
If the Gonzo Bankers are concerned about the cost of two-factor authentication, they should reconsider. With software-based two-factor tokens like WiKID, the cost would be far less than either hardware tokens or even passwords.
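The middle ground described above, sketched as an added example (not code from this post or from WiKID, and not WiKID's protocol): low-risk payments pass without a code, while riskier ones need a one-time code computed over the transaction details, so a code approved for one payment cannot authorize another. The `Account` class, the risk rule (new payee or amount over a limit), the key and the payee names are hypothetical; the code uses RFC 4226-style truncation with HMAC-SHA256 swapped in for SHA-1.

```python
import hashlib
import hmac
import struct


def transaction_otp(key, counter, payee, amount_cents, digits=8):
    """One-time code bound to the counter AND the payment details."""
    msg = struct.pack(">Q", counter) + f"{payee}|{amount_cents}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical server-side view of one customer's account."""

    def __init__(self, key, known_payees, limit_cents=50_000):
        self.key = key
        self.known_payees = set(known_payees)
        self.limit_cents = limit_cents
        self.counter = 0  # advances after every accepted code

    def needs_second_factor(self, payee, amount_cents):
        # Assumed risk rule: a new payee or a large amount is "riskier".
        return payee not in self.known_payees or amount_cents > self.limit_cents

    def authorize(self, payee, amount_cents, otp=None):
        if not self.needs_second_factor(payee, amount_cents):
            return True  # low-risk, repetitive payment: no extra step
        if otp is None:
            return False  # risky payment submitted without a code
        expected = transaction_otp(self.key, self.counter, payee, amount_cents)
        if not hmac.compare_digest(expected, otp):
            return False  # wrong code, or payee/amount altered after signing
        self.counter += 1  # the code is now spent; a replay will not match
        return True


if __name__ == "__main__":
    acct = Account(b"constructed-demo-key", {"electric-co"})  # constructed data
    print(acct.authorize("electric-co", 12_000))              # known payee
    code = transaction_otp(acct.key, acct.counter, "new-payee", 12_000)
    print(acct.authorize("new-payee", 99_000, code))          # amount tampered
    print(acct.authorize("new-payee", 12_000, code))          # as signed
    print(acct.authorize("new-payee", 12_000, code))          # replay
```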