One-Time Pads To Protect Electronic Bank Access

dummkopf writes "CNN reports how Scandinavian banks issue one-time passwords to protect customers' accounts when these use the same password for other, i.e., more insecure email accounts. Having a bank account in the U.S. (with a trusted and well known Bank OF nAtional reach) I always wondered why the security was soooo poor: while it has changed slightly now (better usernames/passwords) it used to be the case that your username was your SSN and your password a number code (!). I am sure most of you will agree with me that this is scary... I live now in Switzerland where one-time passwords for online banking are a must and where my current bank is one of the 'crappy' ones with a little card with one-time passwords like mentioned in the CNN Story. The nicer ones even give you credit-card-size RSA password generator which is combined with a calculator you can keep in your pocket. Hence my question: are others also worried about poor security of online banking in the U.S.? Are there banks which are better than the ones mentioned above?"

Nothing New.

[MKalus]

Banks in Germany always required you to have:

Login & Password.

And then for EACH transaction an TAN (TransActionNumber) which was a one time password that they mailed to you in a batch of I think 25.

So in order to complete a transaction you not only needed the username and Password but also a TAN.

More secure than they do it here, where you just log in and then it's a free for all.

Re:Nothing New.

[Apogee]

As the person who originally posted the story, I am living in Switzerland, so I can maybe provide a little insight into the mechanics of the system.

It's been a while since my nice bank has switched from the TAN system to the calculator/login device + chip card, but if I remember it right, it's not only the TAN that authenticates you, it's your user name (or more precisely, your account number - after all, we're in Switzerland, the home of number accounts) and a password of your own choice, plus the current TAN, used only once. This seems to me to be a pretty good system, as you prove your identity by:

• knowing your account number
• knowing your personal, secret password
• knowing the current, one-time-pad TAN

With the login device I am using now, you need to:

• know your account number
• posess the chip card
• unlock the chip card with a PIN of your choosing (and 3 bad tries block the card forever)
• read a challenge off the login screen, and type it into the login device
• post back the response the login device generates

Knowledge of any one of these is useless, you need to know all of them, so I think the system is pretty secure. Frankly, I was slightly mystified to read that US banks rely on only one token of authentification ... I would have imagined systems similar to the ones I described are commonplace. Seems I was wrong.

Not a one-time pad

[kzinti]

Single-use passwords are not the same thing as a one-time pad, which is a form of encryption. However, one-time passwords do sound like a good idea. Given reasonably good encryption like in SSL, then password management becomes a weak point - which this scheme addresses. (Just parroting Schneier, and wondering if this scheme will get mention in the next Crypto-gram newsletter.)

Re:Not a one-time pad

[ryanwright]

One time passwords are fine for the average Joe. But this article is silly:

But it's difficult to remember dozens of strong passwords -- so many sites now require them.

Whatever. You simply need a pattern combined with "phrases" that only you know. For instance, your phrase could be "Jack and Jill went up the hill", so your password would be, "JJW!TH". Then you add a number to it that you can remember, for instance, the last four of your phone number reversed. So JJW!TH9834. Now throw in something unique from each site you visit. Take Google, perhaps Jack and Jill don't go up the hill, they go to Google: JJW!TGGL9834. Or on Hotmail, perhaps Hotmail went up the hill: HMW!TH9834. Mix and match for various web sites.

Easy to remember, extremely difficult to break. Secure enough for most anything us common folk would do - including online banking - and not such a hassle as carrying around scratch-off cards or RSA keys everywhere you go.

Re:Not a one-time pad

[prodos]

I can foresee a problem with this when you start using these sorts of passwords for places with password expiration. You can't use your original clever creation, so now you must come up with variations on it every couple months or so; like incrementing the number at the end, so you have JJW!TH9835 etc. But then you start having "version" issues where some passwords expire faster, and some not at all... so you might have JJW!TGGL9839 and HMW!TH9842. Of course, you could change ALL your passwords whenever one of them expires... but then you have to remember every single place you've set up such a password.

It's cliche, but...

[RobertB-DC]

I know it's cliche, but I still get stuck in line behind people who don't understand the basics of the ATM machine interface. Inserting (or swiping) the card throws them off. Grocery store POS systems, never consistent between chains, present even more hurdles. I've seen "Pay at the Pump" customers drive off because they just don't understand the instructions.

You want to give these folks RSA dongles? They don't even see the security implications of putting their entire credit line on their keychain with not even a PIN for validation.

The two problems are simple: People here won't understand it, and they won't care.

Why this works in Europe is beyond me, but I'm sure there are plenty of cliche anti-American rants to help explain it.

Maybe I should be more concerned, but...

[steevo.com]

There really isn't a lot of damage that someone could do with my online banking account.

I can't transfer funds to an account that is not mine.

The information that is available online about me and my account is less than what is available on a check. I guess I should be more concerned about that, but I have no control of my checks once I have used them to pay for something.

My Debit card information is not available online.

About the best someone can do with my account is see my balance.

One time password not one time Pad.

[mindstrm]

A scratch-off password list is a password scheme.

a One-time pad is an encryption algorithm.

The two have basically nothing to do with each other.

A one time pad:

Generate a random pattern of bits of the same length as the plaintext. XOR the two. The resulting ciphertext and the random field are now both requried to re-generate the plaintext (to call one the ciphertext and one the key is wrong too. they are both statistically equivalent).

Both are also completely useless by themselves, and truly totally, provably, unbreakable.

This is the only form of unbreakable encryption.

The moment you use a pad more than once, though, it ceases to be a one-time pad, and is breakable.

Re:One time password not one time Pad.

[nacturation]

This is available on FreeBSD and likely other *nix systems out there as well. Here's the nutshell overview for the über-grokkers.

Adding your login to the database of one-time passwords and displaying the first login password:

$ opiepasswd -c
Adding dlavigne6:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Secret pass phrases must be between 10 and 127 characters long.
Enter new secret pass phrase:
Again new secret pass phrase:

ID dlavigne6 OTP key is 499 dh0391
CHUG ROSA HIRE MALT DEBT EBEN

"499" is the counter, "dh0391" is the seed. Combined with the password, you can generate additional logins from any computer, on- or offline. Generating additional login passwords:

$ opiekey 498 dh0391
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
MASK BALM COL HER RIFT TERM

$ opiekey -n 10 497 dh0391

Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
488: COIN LO DOG GOLF ACTA FULL
489: SOD STUN SINK DRAW LAWN TILT
490: MALT STAY MASH CAR DEBT WAST
491: HOWE DRY WALL TOO BUDD SWIM
492: ROOT SPY BOND JEST HAIL SCAR
493: MEAN ADD NEON CAIN LION LAUD
494: LYLE HOLD HIGH HOME ITEM MEL
495: WICK BALI MAY EGO INK TOOK
496: RENT ARM WARN ARC LICE DOME
497: LEAD JAG MUCH MADE NONE WRIT

And logging in:

login: dlavigne6
otp-md5 498 dh0391 ext
Password: (here I pressed enter)
otp-md5 498 dh0391 ext
Password [echo on]: mask balm col her rift term

The beauty of this is that you can turn it on and safely login as root using a telnet session as replay attacks won't work since the password has already been used. Of course, "safely" here only applies to password reuse as a telnet session doesn't prevent other problems, such as man-in-the-middle attacks. Because this uses a standard algorithm, you can even generate new login passwords as needed from a PDA -- it doesn't have to be generated directly on the host system. So if you're SSHing to your server to fix a problem and you're in some internet cafe, you don't need to worry about keystroke loggers picking up the password. Type it in via plaintext as it'll never get reused.

Recent trend in Portugal... sort of

[r_cerq]

A few months ago, most (AFAIK, all) portuguese banks updated their online banking auth systems.

There's no standard, and they seem to be having some dificulty balancing user-friendliness with security.

The current "hip" thing is to require a login/password pair, followed by things like:

- Enter the the sixth and second numbers of your ID card/passport (random positions)
- Enter your numeric PIN using the randomly placed JavaScript keypad
- Use the code-matrix card (provided by the bank) and enter the value in square 4C
- Confirm every money-moving operation with digits in random positions from a fixed (long) code given to you by the bank. Said code is regenerated every month. ... and so on.
I don't thinks there's any bank here using plain login/password auth. There were attempts to use personal x509 certs, but most users had trouble installing them or using them.

I'm more concerned about internet shopping...

[26199]

...why are we still using a system that relies on you trusting every single person you give your credit card details to? It would be perfectly possible to generate a one-time authorisation code for each transaction...

Stronger security isn't always better security

[raehl]

Stronger security should only be provided if the cost of implementing that security (money, time, convenience) is less than the costs of not implementing it.

From my perspective, if someone breaks into my account, it's a hassle, but not a huge deal: My account is insured, and I get my money back. I'd rather deal with the inconvenince of this happening once or twice in my lifetime than having to deal with carrying and using a password generator for my entire life.

From the bank's perspective, it is probably cheaper to lose some money to accounts being compramised than to implement better security across the board. That translates to lower costs (or better interest) for me the customer, which is also nice. I'm fairly confident this is true, because were it better (cheaper, more convenient) to have stronger security, my commercial bank (always wanting to make a buck) would be doing that instead.

Your house would be more secure if you had bullet-resistent windows, steel-reinforced cross-bar doors, one-time pad electronic access, and 24/7 security guards, but most people the find much "weaker" deadbolt/key combination to be the BETTER solution.

Re:Much better in Saudi Arabia

[British]

....provided you never have been convicted of theft twice.

Re:Much better in Saudi Arabia

[Cthefuture]

I work in the security field (mostly smartcards and biometrics) and I can tell you that if that's all they have then their security sucks.

Biometrics are highly inaccurate/insecure. We break them all the time. I myself would never use anything important that was secured with only a biometric. Even a 4 digit limited error PIN would be more secure.

For my parents/grandparents

[the_skywise]

I finally got them to use a phrase using l33tspeek for a password: (IE l33tm0m)

Still not as good as your technique, but easy enough for them to remember and not as bad as what they were using.

Mom: (entering password) click, click
Me: "That's an awfully short password mom, what're you using?"
Mom: "My birthdate: 1217"
Me: "AAAUUUGGGHHH!"
Mom: "What's wrong with that? I don't give it out."

(Note: Birthdate changed to protect the innocent.)

Re:Ultimate security

[ePhil_One]

I'm poor.

Funny as it sounds, just wait till someone get a hold of your identity, you'll be poor and deeply in debt. Scammers are very good and obtaining credit, it helps that they don't fear the repercussions of being unable to pay.

Being poor is no reason to not protect your identity. You'll just get more funny looks.

There is better security out there.

[JustAnotherReader]

Are there banks which are better than the ones mentioned above?

Yep, I'm a programmer for one of them.

First of all, your login to our on-line banking system is a randomly generated unique 8 digit number. It's on your ATM card and it's your user ID number for the bank. You also have to remember your 6 digit PIN. But what if you forget your PIN? Well we can't give it to you. Why, because we use one half of a public private key encryption to save only the encrypted version of your PIN. And just to be safe we throw away the private key so even WE can't see what your PIN is. If we ever get hacked (and people try but they've never gotten through. And yes, we've caught them and put them in jail) in any case, if we ever do get hacked they can only see the encrypted version of your PIN and the private key to decrypt them is nowhere to be found.

So you forget your PIN. How do you get a new one? You call us and verify who you are via at least 2 or 3 different ways (I won't tell you how). Then we mail you (yes, snail mail) a new temp PIN to the address your checking account goes to. You can log in ONCE with that temp pin and you are required to change your password after the first login. By the way, if you log in 3 times incorrectly then we lock your account and notify people in the bank that this may be a hack attempt. Good thing we also log the IP address each of those login attempts were coming from.

By the way, when you first signed up you gave us a secret question like "When dad bought that farm in Kentucky he also bought some cattle. What was the name of the first cow that he bought?" You wrote the question yourself which makes it even harder for a hacker to guess what that question is. And when you applied for on-line access you gave us the answer "Matilda". That answer is also encrypted with a one way public-but-no-private-key on our servers. So when you log in with your temp password we're going to ask you the question that only you know the answer to.

I havn't even gotten to physical security. Believe me, don't even try to physically get to our servers, or even to the printers that print your statements. That is, if you could even find the buildings (There are no signs on teh building that say who we are) Add to that triple redundent servers and databases that are located in physically different locations over 200 miles apart so even a terrorist attack on one city won't destroy your bank records. AND those records are backed up and stored in yet another physical location.

And I could talk about all the auditing that the SEC does on us to make sure that our systems are secure, our data is redundently backed up, failover systems work and so on.

So yes, most banks have far more security than you can imagine. You may feel safe again.

Cellphones and banking

[jedrek]

Two areas where the USA is just out in left field, cellular services and banking. The first one has stopped suprising me, the second one blew me away. I consider my country (Poland) to be backwards, especially when it comes to commercial services - like banking. It's not.

Not only does my bank use one time passwords, the card they're on is a scratch-off card. This gives me 2 additional levels of protection. Not only does it prevent someone from peeking at my card, but it let's me verify that I made each transaction. I don't need to keep track of the last number I used, it keeps track for me. And I don't need the card unless I'm actually moving money around - all I need is my login and password.

The web interface on my bank is incredible - I can check on all transactions since I opened the account.I can set up sub-accts on the fly, issue debit cards to each of them, and my debit card works great online - so I can keep track of those internet purchases. Between-bank money transfers take a max of 1 day, usually same-day if I make it before 17.30, transfers within my bank are instantaneous - really handy for lending my brother some money *fast*.

And the icing on the cake, the thing that made me go to this bank - instant text-message updates on my current account. I get a transfer - I get an SMS, I buy something - I get an SMS. It's incredibly fast (I usually get the SMS before they hand me the reciept to sign) and incredibly useful. I know how much money I have, how much money I spent that day. It really helps to stem the spending sprees that plastic seems to lend itself to.

And all this, from my local, Polish bank.

It's just in the US.

[jwr]

It's just a US thing. Banks in the USA are for some reason stuck in the 80's.

All the banks I use in Poland provide one-time passwords for anything important. There are no checks in use, but you can use electronic money transfers to pay for just about anything (this is being introduced as "BillPay" in the US and advertised as big news).

I guess the US was first to develop a mature banking industry with credit cards and checks. This has worked so well (back in the 70's) that banks were not under pressure to innovate.

Re:Ultimate security

[Master+of+Transhuman]

If you're poor, how do you pay the debt?

Answer: You don't. You tell the idiots who accepted somebody else as you that they're shit out of luck getting any money out of you and they'd better start looking for the guy who took them to the cleaners.

Which they should have done in the first place.

Of course, it's a hassle TELLING all these people that...