Should Online Banking Use Flash for Verification?

← Back to Stories (view on slashdot.org)

Should Online Banking Use Flash for Verification?

Posted by Cliff on Thursday January 18, 2007 @06:10AM from the is-this-really-a-good-idea dept.

larrystotler asks: "One of my banks has instituted a new 'Secure Sign-in' setup. They allow you to register your computer with them so that you don't have to go through the new extra security steps. This involves the use of cookies -and- Flash Objects: 'Adobe Flash objects store data in much the same way that cookies do on your computer. If you have Flash installed, we can recognize your computer in the event that you erase all your cookies.' This requirement of Flash will probably negate my ability to access my bank account when running Linux on my PowerMac since Flash Player is not available for it(haven't tested it yet). However, the real question is: Is Flash a good, secure option that a bank should use to help identify you?"

5 of 139 comments (clear)

Min score:

Reason:

Sort:

No. by pipatron · 2007-01-18 06:11 · Score: 5, Insightful

No.
Next question?

--
c++; /* this makes c bigger but returns the old value */
1. Re:No. by SatanicPuppy · 2007-01-18 06:31 · Score: 5, Insightful
  
  No.
  
  Bank sites should be as server-side as possible. Anything else opens the user up to exploits; I'm not even a big fan of their push toward Ajax. Putting a lot of effort into cosmetic widgets is problematic at best.
  
  --
  ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Re:Requiring additional browser plugins is a bad i by TheGreek · 2007-01-18 06:21 · Score: 5, Funny

The idea itself isn't bad, but the requirement to install a third-party software add-on isn't, especially one which is only available for a few platforms.
I think you misspelled "99% of the people who use the Internet."
Dear Slashdot, by American+AC+in+Paris · 2007-01-18 06:25 · Score: 5, Funny

Recently, I've moved from a house that had an electric water heater to a house with a gas water heater. Sadly for me, this means that I'll no longer be able to use my custom-built circuit monitoring hardware (which uses a Linux-based electricity usage tracking app I wrote myself!) to estimate what percentage of my monthly electrical bill was used to generate hot water. However, the real question is: is it really a good idea to pound on the gas main with a ball-peen hammer?

--
Obliteracy: Words with explosions
The real question... by MagicM · 2007-01-18 06:32 · Score: 4, Insightful

The real question is: should any bank make it easy to "register your computer with them so that you don't have to go through the new extra security steps". The answer ofcourse is "no". If I break into your house and steal your computer, I now also have access to your bank account (which you probably have a handy bookmark for to make it even easier). Also, anyone you trust into your house (babysitter, etc.) can now get into your bank account.

Banks shouldn't make it easy to remove the "what you know"-part of the authentication. It's there for a reason.

(Then again, I probably misunderstood what "the new extra security steps" are. But there ya go.)