Saturday, December 25, 2004

Medal of Cluefulness for US Bancorp 

Passwords are a terrible way to log in.

Imagine if your front door had a password instead of a key. You couldn't just ask the housesitter to hand the key back; you'd have to change the password instead. Anyone could plant a tape recorder in the bushes, steal your password and clean out your house.

Phishing scams only work because passwords are so lame.

Better technology has been around for years but only a few places are using it. AOL recently offered subscribers a keychain-sized gadget that makes a new six-digit password every minute. A bad guy who steals that number can't do anything with it. Other gadgets prove they're authorized by decoding a coded message from the system you're logging into.

US Bancorp is offering its customers small devices that plug into their computers' USB ports and grant access to online banking. They still use a regular password, but it's only a backstop to protect you in case the USB device ("token") gets stolen.

US Bancorp is doing the right thing! They're giving their customers state-of-the-art security against very real threats. Everyone should be doing the same: it's as basic and necessary as security paper in checkbooks.

I can think of a way for bad guys to get around that kind of security but it would be complicated and increase the risk of getting caught.

US Bancorp is the first recipient of the Security Mentor Medal of Cluefulness.


