[whatwg] [WF2] Objection to autocomplete Attribute

Jim Ley jim.ley at gmail.com
Wed Mar 30 04:58:29 PST 2005

On Wed, 30 Mar 2005 12:03:44 +0000 (UTC), Ian Hickson <ian at hixie.ch> wrote:
> On Wed, 30 Mar 2005, Lachlan Hunt wrote:
> Instead of a password, the bank issues you with a hardware device that
> computes a one-time password that changes every minute.

Which changes the security to a physical security problem

> To be honest, the fact that there are still banks that use PIN codes or
> passwords for Web-based access is frightening. 

I don't find it frightening at all, the levels of this sort of fraud
aren't high, and the problem is phishing.  The cost and inconvenience
of lugging around yet another passkey device (4 bank accounts with
different banks, a couple of corporate VPN's) is enough such that I
simply wouldn't use a bank (or a banks internet access) if they forced
such a device on me.

The hardware methods don't stop phishing (they do make it slightly
harder in that the removal of the money has to be immediate meaning
there's more accounts needed to transfer money into) but as they're
not perfect and are a considerable extra cost, can't be taken into a
lot of countries of the world, I can't see the attraction.


More information about the whatwg mailing list