Thursday, March 01, 2007

Powerful Anti-phish Security

Hartford Investments Canada has a surefire way to protect their clients from being phished for their account credentials. I for one am confident that there is no way I could be tricked into providing my password to a phisher, even without the benefit of a smart client mediating server authentication for me.

The mechanism works as follows (I confess it took me a while to work out the subtleties):
  1. Do not allow clients online access to their accounts

  2. When challenged, respond with 'It's to ensure the safety of your account information'.

Ingenious - I can't share what I don't have.

I understand their hesitancy about enabling client access - who knows just whether or not this 'Whole Wide Web' thing is going to take off.

1 comment:

Anonymous said...

Could not agree with you more. I have to answer three questions everytime I need to get into my bank!! Every single time

To get to one of my credit cards, there are categories of questions, which have time varying answers, ie, "who is your favourite actor?". The answer to such a question is not consistently unique.