Note: This column represents the opinions
of the writer and as such, is not purported as fact
The frailty of the simple ID/Password mechanism for protecting valuable
information or authenticating a user's identity has once again been highlighted
in the wake of recent bank scams.
Even the best IT professionals can't always be trusted to use
sensible passwords or protect them from falling into the wrong hands -- so
why should we expect "Joe Average Public" to be any better?
The answer is that we can't.
People will use easily-remembered passwords such as their car's registration
number, their dog's name, their first-born's birthday, or even the word
"password" -- and they appear all too willing to share this information with
the world.
If a trojan or keylogger doesn't catch this info, a small but disappointing
number will respond to phishing scams and unwittingly hand over this critical
data to criminals.
So what can we do to tighten up this whole security situation?
A few years ago, the ANZ bank offered its customers a smart-card and card
reader that would plug into their PC. No card (or the wrong card) and
you'd be blocked from accessing your online banking account.
Despite the fact that they were effectively giving these things away to their
customers -- nobody was interested and the whole thing fell flat.
But would this system fly if it was relaunched today, in the wake of all the
scams that have since surfaced?
Unfortunately, I think not.
As I mentioned in a previous column, people already have too many security devices
to carry around and protect.
Keys for your car, your house, your office; magnetic cards for the photocopier,
PIN numbers for your ATM card, access numbers for gaining access to your Post Office
box after-hours, etc, etc -- the list is almost endless.
No, the last thing we need is yet another piece of plastic or another set
of numbers to remember.
One innovative solution suggested by the banks is that when you attempt to
log onto your internet banking system, you're sent a txt message containing
a unique one-time session identifier that must be typed in to continue.
That's great -- except that (believe it or not) not everyone has a cellphone,
and do you really want an extra $0.20 charge every time you log on to check
your balance or pay a bill? Remember, banks aren't renowned for absorbing
costs that they incur as part of providing you with a service.
Then there's the problem of delays in the SMS service -- particularly when
sending txt messages between the two major carriers. Who really wants to
wait 20 minutes (or more) for a session ID if there's a bit of a queue at
the gateway?
No, in order for an authentication system to work it must be simple, reliable,
unencumbered by extra hardware, and require no mental effort.
But this whole issue of security and authentication is also important to our
future as citizens -- mainly because the government is working hard to stick
an "e" in front of their name and provide as many services as possible through
the Net.
Clearly, ID/password pairing has shown itself to be too exploitable for many who
use online banking, so can we consider it safe for e-government services?
I'm damned if I don't see a universal biometric ID card with smart-interface
in our fairly near future. Should we be worried?