Friday, 21 December 2007

bank internet security ramblings

Bank of Ireland has introduced what seems like a very silly (in)security measure. Instead of typing in digits of a personal pin, the user must select each one from a drop down box. Personally, I think it is easier to look over one's shoulders and see what option is selected rather than see what someone typed in. Instead of covering the keyboard when I type it, I now have to cover the screen. Ok, I know the vast majority of customers will be accessing it from home or maybe work, but if you are on holidays in an internet cafe then maybe you want to be sure noone can see your details, so this is a bit worrying.

However, maybe they are concerned with a miscreant keyboard-logger logging the users details during login and then emailing them back to the evil hacker who created the logger in the first place, who would then run off and transfer all our money to his or her own account.

No comments: