One-Time Pads To Protect Electronic Bank Access

dummkopf writes "CNN reports how Scandinavian banks issue one-time passwords to protect customers' accounts when these use the same password for other, i.e., more insecure email accounts. Having a bank account in the U.S. (with a trusted and well known Bank OF nAtional reach) I always wondered why the security was soooo poor: while it has changed slightly now (better usernames/passwords) it used to be the case that your username was your SSN and your password a number code (!). I am sure most of you will agree with me that this is scary... I live now in Switzerland where one-time passwords for online banking are a must and where my current bank is one of the 'crappy' ones with a little card with one-time passwords like mentioned in the CNN Story. The nicer ones even give you credit-card-size RSA password generator which is combined with a calculator you can keep in your pocket. Hence my question: are others also worried about poor security of online banking in the U.S.? Are there banks which are better than the ones mentioned above?"

I'm more concerned about internet shopping...

[26199]

...why are we still using a system that relies on you trusting every single person you give your credit card details to? It would be perfectly possible to generate a one-time authorisation code for each transaction...

Re:Not a one-time pad

[prodos]

I can foresee a problem with this when you start using these sorts of passwords for places with password expiration. You can't use your original clever creation, so now you must come up with variations on it every couple months or so; like incrementing the number at the end, so you have JJW!TH9835 etc. But then you start having "version" issues where some passwords expire faster, and some not at all... so you might have JJW!TGGL9839 and HMW!TH9842. Of course, you could change ALL your passwords whenever one of them expires... but then you have to remember every single place you've set up such a password.