Why Gmail Has Better Security Than Your Bank
Gizmodo gives some insight into a strange situation that many of us have -- at least in the U.S. -- when it comes to online security: Gmail, while free, offers two-factor authentication, while many banks don't use security tools that would make online financial transactions safer, contenting themselves with single-factor, weak password systems, or lackluster secondary screens. It's certainly true at one bank I use, which even now allows short, all-alphabetical, all lower-case passwords. U.S. banks could certainly use multi-factor authentication, and some do, but it's nothing like universal.
When I started using Google's 2-factor authentication, I admit, it was tedious, but it pays dividends in peace of mind, and how!
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
What two factor auth for Gmail?
I've never seen anything but user/pass needed to create or access a Gmail account?
You've managed to stop Gmail from pestering you to sign up for two factor authentication? How did you manage that? I can't seem to get it to stop (without actually signing up for it, which I'm not willing to do.)
If your bank gets hacked, you take the hit, the merchant takes the hit, the bank walks away clean.
Not usually. I spent a number of years doing software development for banks, and amongst the interesting things that I learned was that banks get hacked a lot more often than you think. You usually don't hear about it because the banks typically just replace the money that was taken from their customer's account and shut up about the whole thing. The odds aren't terrible that at least once, you've had money stolen from your account and never noticed that it happened.
Picking a secure password is the user's responsibility, not the web site's. I use Diceware to generate my passwords. A five-word Diceware password has 77 bits of entropy. That's equivalent to a 15-character password chosen randomly from upper and lower-case letters, numbers, and 13 special symbols. Most can memorize the Diceware password in a few minutes. Few of us can ever remember the random password. Yet many web sites refuse to allow spaces between Diceware words, and demand that I use an upper case letter and a number or special symbol. I curse every time.
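The entropy arithmetic for Diceware passphrases, and the two kinds of site password policy contrasted in the comment above, as an added example that is not part of the original thread. The 7776-word list size is the standard Diceware list; the blocklist, sample strings and both policy functions are constructed for illustration.

```python
import math
import secrets
import string

DICEWARE_LIST_SIZE = 6 ** 5  # standard Diceware list: five dice rolls per word = 7776 words

def passphrase_bits(words, list_size=DICEWARE_LIST_SIZE):
    """Entropy in bits of `words` words drawn uniformly and independently."""
    return words * math.log2(list_size)

def random_password_bits(length, alphabet_size):
    """Entropy in bits of `length` characters drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)

def words_needed(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(wordlist, words, sep=" "):
    """Pick words with the OS CSPRNG; physical dice serve the same purpose."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

# Constructed blocklist; a real deployment would use a large breached-password list.
BLOCKLIST = {"password", "passw0rd!", "qwertyuiop", "letmein123"}

def composition_policy(pw):
    """Hypothetical legacy rule: 8-16 chars, no spaces, one upper case letter,
    and one digit or symbol."""
    return (8 <= len(pw) <= 16 and " " not in pw
            and any(c.isupper() for c in pw)
            and any(c.isdigit() or c in string.punctuation for c in pw))

def length_policy(pw, min_len=8, max_len=64):
    """Hypothetical rule: length bounds and a blocklist only, spaces allowed."""
    return min_len <= len(pw) <= max_len and pw.lower() not in BLOCKLIST

# Constructed samples, not real credentials.
SAMPLE_PASSPHRASE = "clasp mural onyx trek vivid"
SAMPLE_WEAK = "Passw0rd!"

if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        print(f"{n} words: {passphrase_bits(n):.1f} bits")
    print(f"15 chars from 75 symbols: {random_password_bits(15, 75):.1f} bits")
    for pw in (SAMPLE_PASSPHRASE, SAMPLE_WEAK):
        print(repr(pw), "composition:", composition_policy(pw),
              "length:", length_policy(pw))
```

The composition rule rejects the five-word passphrase while accepting a well-known weak string, and the length-plus-blocklist rule does the reverse.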