Carlos E. R. wrote:
On 2014-04-11 14:23, Per Jessen wrote:
jdd wrote:
I first heard of the challenge-response idea back in the 90s - it was already in use with several German on-line banking systems (maybe it was standard in the HBCI specification). I think my bank has been using their current setup it for 10 years or more. I'm on my third card-reader.
I've never seen it here (Spain), at least for "consumers". I have used it inside companies, to access the network by employees. The one I'm thinking of they also had antitempest windows, and WiFi was strictly forbidden (it is dismantled on the warehouse, to the dismay of the operators using the handled gadgetry they typically use on the store room or warehouses.
I've seen one important bank using a table of codes for a challenge-response system, which is used only for "operations".
I think that's the system they've also used in Germany - TAN/PIN. I'm not intimately familiar with it, but ISTR using such a scheme with the German BTX.
Another important bank uses a login/pass to access, then a challenge-response method for operations, but instead of a long table of codes, it is just a an 8 char code of which they ask you, say, to type digits 5 and 7. Again, not a one use thing.
No, but that's still a challenge-response system. The one-time-key is just the origin.
I think they also use a verification code sent over SMS to your mobile phone, but I don't recall which one does. It may be a volunteer choice.
Yes, Credit-Suisse uses such a scheme too. Not optional. -- Per Jessen, Zürich (19.7°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org