[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: how can you verify that the site you get is not a fake?



so...

the obvious solution (at least to me...) is to get rid of the need for a
user to use the keyboard for entering the password....

so if i have a solution that allows the user to more or less know that the
site that he/she is on is the correct site, as well as a process that allows
the user to access/authenticate that he/she is indeed the actual user, then
we might have something...

if you're dealing with a browser/internet system, i'm of the opoinion that
it's time we start thinking about geting rid of text based passwords...
they're too cumbersome to be secure, and once you start dealing with more
than a few sites.. who really goes through the trouble to generate and
remember really secure passwords...

-bruce



-----Original Message-----
From: fedora-list-bounces redhat com
[mailto:fedora-list-bounces redhat com]On Behalf Of Matthew Miller
Sent: Monday, June 06, 2005 8:43 AM
To: For users of Fedora Core releases
Subject: Re: how can you verify that the site you get is not a fake?


On Mon, Jun 06, 2005 at 09:28:07AM -0600, Robin Laing wrote:
> This is an interesting thought.  When one bank that we used changed
> from UNIX to Windows servers, the passwords became case insensitive
> and would not accept some characters.  We raised this with the bank
> and they didn't seem to concerned.

A bank I used switch systems and changed everyone's username to be
six-letters-of-last-name+year-of-birth and set the passwords to last four
digits of social security number. I called up and complained, but they
didn't see a problem with this even after I explained very carefully.

Needless to say, I switched banks.

--
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.

--
fedora-list mailing list
fedora-list redhat com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]