Lloyds TSB Pushing New Online Security Protocol
An anonymous reader writes "Looks like the two-factor bandwagon is beginning to roll in UK banking. The BBC is reporting that Lloyds TSB is issuing hard-tokens to 30,000 customers in an attempt to curtail phishing." From the article: "Until now, Lloyds TSB has used a two-stage system for identifying its customers. First, users must enter a username and password. Then, on a second screen, they are asked to use drop-down menus to choose three letters from a self-chosen memorable piece of information. The aim of using menus rather than the keyboard has been to defeat so-called 'keyloggers', tiny bits of software which can be used by hackers who have breached a PC's security to read every key pressed and thus sniff out passwords. But newer keyloggers now also take screenshots, which can reveal the entire memorable word after the bank's website has been used just a few times."
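To put a number on "just a few times", the following added example (not from the article or from Lloyds TSB) computes how many recorded logins it takes before every letter of the memorable word has appeared in a challenge. It assumes each login asks for 3 distinct positions chosen uniformly at random and that every login is captured; the function names and word lengths are illustrative.

```python
# Added example: how quickly a 3-of-n letter challenge exposes the whole
# memorable word to software that records every login screen.
# Assumption: each login asks for k distinct positions, uniformly at random.
from fractions import Fraction
from math import comb


def coverage_probability(n, k, t):
    """P(all n positions have been asked at least once within t logins)."""
    total = comb(n, k)
    # Inclusion-exclusion over the j positions that were never asked.
    return sum(
        (-1) ** j * comb(n, j) * Fraction(comb(n - j, k), total) ** t
        for j in range(n + 1)
    )


def expected_logins(n, k):
    """Expected number of recorded logins until all n positions are seen."""
    total = comb(n, k)
    # E[T] = sum over t >= 0 of P(not yet covered after t), in closed form.
    return sum(
        (-1) ** (j + 1) * comb(n, j) / (1 - Fraction(comb(n - j, k), total))
        for j in range(1, n + 1)
    )


if __name__ == "__main__":
    k = 3  # letters requested per login, as described in the article
    print("length  expected logins  P(full word) after 5 / 10 logins")
    for n in range(6, 11):  # constructed range of memorable-word lengths
        print(
            f"{n:>6}  {float(expected_logins(n, k)):>15.2f}  "
            f"{float(coverage_probability(n, k, 5)):.2f} / "
            f"{float(coverage_probability(n, k, 10)):.2f}"
        )
```
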
Don't give the customers something to lose. Out of 30,000 people, you know that some will be losing this every day.
Instead, just publicly announce your policy that you will NEVER use external email to communicate with customers.
Using a toy like this just means that the phishers will have to move to man-in-the-middle attacks.
So what if your bank loses the ability to send ads to their customers? Your customer's security is more important.
No email from banks or other financial institutions EVER.