I don't claim it is over-kill but fairly infrequently, when I use Mastercard
online it requires me to submit characters from a password that I have
chosen.
If I don't remember it then I can go through a fairly simple series of
questions (including dob and security code) and then select a new password.
The transaction then goes through.
I only chose the password a month ago and at the time it seemed memorable
(ie I had made some adjustment in characters to something that was
memorable - I couldn't even remember what it was based on - let alone the
adjustment that I had made).
The result is that I have now chosen a password that is more memorable but
would also be possibly more easy for others to guess. So defeating the
object of the password and making it less secure.
There should therefore be an option not to have a password and just simply
answer the scrutinising questions.
Nick Landau
----- Original Message -----
From: Tim Trent
To: [log in to unmask]
Sent: Thursday, March 22, 2007 10:11 AM
Subject: [data-protection] The Security aspects of Privacy
This may be useful for Samantha's IT training course. It's really "When is
security so strong that it is no security at all" and to do with protecting
illicit entry into online banking accounts. There is a mixed issue of
Security and or Privacy here, probably more on the technical security side,
but it does paint a picture:
http://timtrent.blogspot.com/2007/03/sainsburys-bank-overwhelms-customers.html
http://tinyurl.com/35ln2e
Again, sorry it's a blog, but these things are so useful that perhaps blog
blacklisters could ask IT to unblock specifics that interest them?
I'm perfectly happy with security that allows authorised access to be easy,
though not necessarily simple. But security that ensures that passwords are
written down is bizarre, surely?
Tim Trent - Consultant
Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618
Personal blog: http://timtrent.blogspot.com/
See also http://complianceandprivacy.com
email: [log in to unmask]
Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell,
United Kingdom, RG12 1BP
http://www.marketingimprovement.com
Important: This message is private and confidential. If you have received
this message in error, please notify us and remove it from your system. This
email and any attachment(s) are believed to be virus-free, but it is the
responsibility of the recipient to make all the necessary virus checks. This
email and any attachments to it are copyright of Marketing Improvement
Limited unless otherwise stated. Their copying, transmission, reproduction
in whole or in part may only be undertaken with the express permission, in
writing, of Marketing Improvement Limited. Marketing Improvement Limited is
registered in England No. 4283972. Registered Office: 643 Watford Way,
London NW7 3JR and its VAT number is GB798 2065 86.
All archives of messages are stored permanently and are available to the
world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the
email if you are receiving emails in HTML format):
Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to
[log in to unmask]
To receive emails from this list in text format: send SET data-protection
NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection
HTML to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an
otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list
owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the
moderators, and all requests for technical help to [log in to unmask],
the general office helpline)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|