[WEB SECURITY] New two-stage login procedure

Brian Eaton eaton.lists at gmail.com
Wed Dec 13 14:44:32 EST 2006


On 12/13/06, Nick Owen <nowen at wikidsystems.com> wrote:
> Here is my question:  Is it possible to do strong mutual authentication
> without using cryptography?

Related question: can strong mutual auth be done without requiring
special hardware or software on the client?

> Are the FIs fooling themselves to think otherwise?

I think in many cases we don't give the financial insitutions enough
credit (pun intended).  I'll bet that the security folks at ING Direct
understand more about the risks than we do.  If they look at a risk
and decide to ignore it, they probably had a very good financial
reason to do so.

Regards,
Brian

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list