Court Rules Passwords+Secret Questions=Secure eBanking

An anonymous reader writes "A closely-watched court battle over how far commercial banks need to go to protect their customers from cyber theft is nearing an end. Experts said the decision recommended by a magistrate last week — if adopted by a US district court in Maine — will make it more difficult for other victim businesses to challenge the effectiveness of security measures employed by their banks. This case would be the first to add legal precedent to banking industry guidelines about what constitutes 'reasonable' security. The tentative decision is that a series of passwords + some device fingerprinting is enough to meet the definition of 'something you know' + 'something you have.' The case has generated enormous discussion over whether the industry's 'recommended' practices are anywhere near relevant to today's attacks, in which crooks usually have complete control over the victim's PC."

Re:Secure = Secure Enough

[FatAlb3rt]

Unless the questions are like my bank's:
Who is your favorite Disney character?
What is your favorite color?

You stand a good chance to get the right answer for any given account if you go with Mickey / Minnie or red / blue. How is that really security?

why not use some sort of authenticator?

[snuf23]

I find it odd that Blizzard offers more security for a World of Warcraft account than your average bank.

Re:Secure = Secure Enough

[definate]

I always answer those questions, with a different password. This results in many people going, "LOL So your mothers maiden name is jks)*8h9*H*(BY?"

This is when those are used for verbal authentication over the phone. Then on top of this, I just need some reasonable password management.

All good!

What are banks for?

[taucross]

If banks can't protect our money, and aren't liable when it goes missing, then what are banks for?