Even more simple solution
And imagine what benefits that would do for internet traffic/cost of broadband, etc... Sadly we're in a society that will not accept such drastic change easily.
February 20, 2006
response to suggestion
That's very true, it would mainly get picked up by the techheads first I think. Perhaps the new generation coming that grew up with usernames/passwords may not find it so difficult.
For my parents who are 50+ you are absolutely correct.
I think in contrast to the unique key generators the banks wanted to distribute this is a step in the right direction. Hopefully by using ideas like these we'll get to a real solution.
February 20, 2006
Simple Solution?
So I had an idea the other day and wanted to see where you thought hackers would go next if the industry implemented the following system.
Dual Authentication: The industry has attempted to do this by selling us key generating tools that generate a unique number every 60 seconds. A user enters the unique number given by this tool when attempting a transaction. That system fails when hackers use the methods mentioned in the article we just read.
Instead, what do you think about the following solution? Use an already existing system that is completely separate from our PCs for dual authentication.
Setup - Users go into their local branches (online banks will have a problem here) and give a form of ID to prove their identity and give the teller a cell phone number that can receive text messages. You are only able to set this up on location in the bank and the phone number is not editable or even displayed on the web or over the phone (so hackers have no access to it). Any time a transaction is attempted on the web over a certain amount of $$ (perhaps a $20 limit?) a text message with a confirmation number is sent to the user's cell phone. All information is included in the text message such as account transferred to, amount, etc... The user then enters the confirmation number on the website. The server verifies the transaction amount and confirmation number then completes the transaction. The transaction is aborted if the confirmation number is not entered. The point with this system is that now users are getting information from a system that is not the internet or their computer. Hackers would now need access to a user's computer AND their cellphone. It's still something they can do, but much harder than the simple trojan install they do now.
As for implementing it, the solution is relatively low cost because it utilizes cell phones, the users typically pay a fee per text message or it's part of their plan. Cell phone companies would love the extra usage on their systems creating more revenue.
So, fire away, I'd like to see what holes come from this.
Thanks,
B. Jensen
February 20, 2006
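
The confirmation flow from the post above, sketched as an added example (not part of the original thread and not any bank's code): the server ties each code to the payee and amount it was issued for, so a code entered against altered details is refused. The `send_sms` callable, the 5-minute validity, the 3-attempt limit and all names are assumptions; the $20 threshold is the post's.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3         # assumed retry limit
LIMIT_CENTS = 2000       # the post's suggested $20 threshold


class SmsConfirmation:
    """Server side of the flow; send_sms is a hypothetical gateway callable."""

    def __init__(self, send_sms):
        self._send_sms = send_sms
        self._pending = {}  # txn_id -> [details digest, code, expiry, attempts left]

    @staticmethod
    def _digest(to_account, amount_cents):
        return hashlib.sha256(f"{to_account}|{amount_cents}".encode()).digest()

    def start(self, phone, to_account, amount_cents, now=None):
        """Return None if no confirmation is needed, else a pending txn id.

        phone must be the branch-registered number, never a web-supplied one.
        """
        if amount_cents <= LIMIT_CENTS:
            return None
        now = time.time() if now is None else now
        txn_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = [self._digest(to_account, amount_cents),
                                 code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        # The SMS repeats the details so the user can spot a changed payee or amount.
        self._send_sms(phone, f"Transfer ${amount_cents / 100:.2f} to {to_account}. Code: {code}")
        return txn_id

    def confirm(self, txn_id, to_account, amount_cents, code, now=None):
        """Complete only if the code AND the details it was issued for both match."""
        now = time.time() if now is None else now
        rec = self._pending.get(txn_id)
        if rec is None:
            return False
        digest, expected, expiry, _ = rec
        ok = (now <= expiry
              and hmac.compare_digest(digest, self._digest(to_account, amount_cents))
              and hmac.compare_digest(expected.encode(), code.encode()))
        rec[3] -= 1
        if ok or rec[3] <= 0 or now > expiry:
            del self._pending[txn_id]  # one-time use; abort on expiry or too many tries
        return ok
```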