Is more simple bank web security better?
June 6, 2008 6:22 AM Subscribe
I have noticed that there seems to be a split between some banks/financial institutions who maintain complex security around their on-line account access and others who seem to have actively migrated towards a much simpler approach. Is there any evidence that the "simple" approach is either more or less secure than the "complex" one?
posted by rongorongo to computers & internet (7 answers total) 2 users marked this as a favorite
By "complex" I am talking about institutions that ask their users to memorise several passwords and then ask for one or two of these at random on login. There is also a likelihood that use might be tied to a particular PC with a physical token or a cookie. An additional one-time access code may be required. By "simple" I am talking about cases where users are asked something like "enter characters x, y and z from your password" - and perhaps for one other fixed detail. Users are also able to log in from pretty much any PC they choose.
My guess is that the latter group has lower support costs and less frustrated users. But are there real world difference in the security levels?