Slashdot Mirror


Lloyds TSB Pushing New Online Security Protocol

An anonymous reader writes "Looks like the two-factor bandwagon is beginning to roll in UK banking. The BBC is reporting that Lloyds TSB is issuing hard-tokens to 30,000 customers in an attempt to curtail phishing." From the article: "Until now, Lloyds TSB has used a two-stage system for identifying its customers. First, users must enter a username and password. Then, on a second screen, they are asked to use drop-down menus to choose three letters from a self-chosen memorable piece of information. The aim of using menus rather than the keyboard has been to defeat so-called 'keyloggers', tiny bits of software which can be used by hackers who have breached a PC's security to read every key pressed and thus sniff out passwords. But newer keyloggers now also take screenshots, which can reveal the entire memorable word after the bank's website has been used just a few times."

2 of 228 comments

  1. Re:Good for them. by GekkePrutser · Score: 5, Informative

    If these devices work like the RSA SecurID does, clock lagging is not a problem. Every time the customer logs in, the server accepts not just the current password, but also the next and previous x (10, for example) passwords. So if the clock is a bit off, it will still accept the password.

    Furthermore, once the password is accepted the server will then know exactly how far off the clock in the keyfob is and change its 'expected' timeslot accordingly. This only goes wrong if the customer doesn't log in for extremely long times, which shouldn't happen much anyway.
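
The acceptance window and drift correction described in the comment above, as an added sketch that is not part of the original comment and is not RSA's or any bank's code. SecurID's algorithm is not given on the page, so the open HOTP/TOTP construction (RFC 4226/6238) stands in for it; `STEP`, `WINDOW`, `TokenRecord` and the replay check are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60     # seconds each displayed code is valid for (assumed)
WINDOW = 10   # accept codes up to 10 steps either side: the comment's "x"


def code_at(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one time-step counter (stand-in algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenRecord:
    """Hypothetical server-side state kept for one customer's keyfob."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.drift = 0           # learned offset of the fob clock, in steps
        self.last_counter = -1   # highest time step accepted so far

    def verify(self, code: str, server_time: int) -> bool:
        expected = server_time // STEP + self.drift
        # Try the expected step first, then widen outwards to +/- WINDOW.
        for delta in sorted(range(-WINDOW, WINDOW + 1), key=abs):
            counter = expected + delta
            if counter <= self.last_counter:
                continue  # a code from an already-used or older step is a replay
            if hmac.compare_digest(code_at(self.secret, counter), code):
                self.drift += delta          # re-centre on the fob's clock
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # constructed sample value
    record = TokenRecord(secret)
    now = 1_000_000 * STEP                   # constructed server clock
    fob_code = code_at(secret, now // STEP + 4)   # fob runs 4 steps fast
    print(record.verify(fob_code, now), record.drift)
```

A wider window tolerates more clock drift but also gives a guessed or phished code more time steps in which it will be accepted, so the window size is a trade-off rather than a free setting.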

  2. Two-factor Coming to 1 Million PayPal Accounts by miller60 · Score: 3, Informative

    Two-factor authentication was a big part of the recent eBay-VeriSign deal. The headlines all mentioned eBay buying VeriSign's payment processing unit for $370 million. But the agreement also calls for eBay to buy up to 1 million two-factor authentication tokens from VeriSign for use on PayPal. eBay will start rolling out the two-factor authentication tokens to PayPal and eBay users in 2006, including marketing and security programs designed to "promote customer adoption."

    This is significant, since you have a lot more phishing attacks targeting PayPal and eBay than the major banks these days.