August 25th, 2006
SiteKey-20060718.pdf (application/pdf Object)
An article detailing some problems with the SiteKey implementation at BofA. I must say I'm not surprised by the one about real-time MITM bypassing the problem, but I'm a little surprised about one of the security processes for login being waived once the user clicks a button on a given PC, and more so that there's no easy way to remove the bypass from a given PC...
Secondary security questions (well, ones that aren't likely to be public knowledge anyway) are a decent add-on to an authentication procedure, but I wouldn't have thought that they were so onerous that you couldn't just ask them every time...