[Fwd: Re: Co-op Bank and Verified by Visa]

Nicholas Bohm nbohm at ernest.net
Sat Jun 20 19:34:29 BST 2009


Peter Fairbrother wrote:
> Nicholas Bohm wrote:
>> Peter Gutmann sends a further message:
>>
>> Subject: Re: Co-op Bank and Verified by Visa
>> Date: Sun, 21 Jun 2009 04:43:54 +1200
>> From: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
>>
>> -- Snip --
>>
>> Nicholas Bohm <nbohm at ernest.net> writes:
>>
>>> To be fair to the systems, they ask for three characters from the
>>> password, and not the same three each time.  Attacks would have to
>>> be repeated often enough to get enough characters before they could
>>> be executed reliably.
>>
>> "To provide customers with an enhanced security experience our
>> award-winning Verified by Visa system will now ask for your full
>> password instead of just three characters.  When you enter your
>> password you can be assured that we are providing the highest level
>> of security possible".

What's particularly annoying about Peter G's phictional phisher is that
he or she is right, in some contexts.

I can memorise complex passwords that have to be entered in full, or use
an encrypted vault; but passwords where I may have to enter the 1st, 4th
and 7th characters have to be simple enough to count along while
remembering them, or have to be written down where I can number the
characters, all of which makes for poor conventional security.

Nicholas
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF
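
The point quoted in the message above, that an observer has to capture several logins before a fresh three-character challenge can be answered reliably, can be put into numbers. This is an added example, not part of the original message: it assumes an 8-character password (the thread gives no length), challenge positions chosen uniformly at random, and an observer who sees every requested character of each captured login.

```python
from fractions import Fraction
from math import comb


def known_distribution(n, k, m):
    """Distribution of the number of distinct password positions exposed
    after m challenges, each asking k distinct positions out of n."""
    total = comb(n, k)
    dist = {0: Fraction(1)}
    for _ in range(m):
        nxt = {}
        for j, p in dist.items():
            # 'new' positions come from the n-j unseen ones, the rest from the j seen.
            for new in range(k + 1):
                ways = comb(n - j, new) * comb(j, k - new)
                if ways:
                    nxt[j + new] = nxt.get(j + new, Fraction(0)) + p * Fraction(ways, total)
        dist = nxt
    return dist


def answerable(n, k, m):
    """Probability that the next challenge asks only positions already exposed."""
    total = comb(n, k)
    return sum(p * Fraction(comb(j, k), total)
               for j, p in known_distribution(n, k, m).items())


def observations_needed(n, k, target, max_m=1000):
    """Smallest number of captured logins giving answerable() >= target."""
    for m in range(max_m + 1):
        if answerable(n, k, m) >= target:
            return m
    raise ValueError("target not reached within max_m observations")


if __name__ == "__main__":
    N, K = 8, 3  # assumed password length; three characters per challenge
    for m in range(0, 11):
        print(f"{m:2d} captured logins -> next challenge answerable "
              f"with probability {float(answerable(N, K, m)):.3f}")
    print("logins needed for 90%:", observations_needed(N, K, 0.9))
```
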


