Actually, PassWindow's main benefit is its ability to encode transaction information into the challenge. It's like a secure information channel so the customers can check its the right account before transfering money.
The key to solving this problem is secure and cheap transaction authentication, which is what IBM has been trying to achieve with their ztic, but even that I fear is vulnerable.
The solution I think that will ultimately put something of a stop to the mitb/trojan is this: http://passwindow.com/
It seems at first glance too good to be true, but I read parts of the whitepaper and it seems legit.
I heard it mentioned that a few banks might be rolling it out some time this year....
Slashdot Mirror
Actually, PassWindow's main benefit is its ability to encode transaction information into the challenge. It's like a secure information channel so the customers can check its the right account before transfering money.
The key to solving this problem is secure and cheap transaction authentication, which is what IBM has been trying to achieve with their ztic, but even that I fear is vulnerable. The solution I think that will ultimately put something of a stop to the mitb/trojan is this: http://passwindow.com/ It seems at first glance too good to be true, but I read parts of the whitepaper and it seems legit. I heard it mentioned that a few banks might be rolling it out some time this year....