This morning in the Handler's secret room, we were having a discussion about financial institutions and their supposed security policy making them a lucrative target for spamming and phishing. Our discussion centered around how they attempt authentication and whether this authentication actually increases the likelihood that your account will be compromised.
A bank or financial institution implements a security policy that requires you to answer a question in addition to your user id and password. This sounds great, right? A "two factor" method of identification. Well, maybe not... You see, if you can't answer the question correctly in addition to your correct user id and password, your account gets locked out. Ok, so now what? You call the bank and say, darn it all, my account got locked out.... What does the bank say? Ok, we will reset your password, what email address do you want the new password sent to? Oh, by the way - the new password email will not come from us. We have someone else send it. Hmmmm.... Oh - by the way, you may want to check your spam filter because the email may get stopped.
Seriously, what are they thinking?
What do you think? Does your bank's or financial institution's method of authentication make you a more lucrative target?
Dec 4th 2006