I have noticed that there seems to be a split between some banks/financial institutions who maintain complex security around their on-line account access and others who seem to have actively migrated towards a much simpler approach. Is there any evidence that the "simple" approach is either more or less secure than the "complex" one? [more inside]
posted by rongorongo on Jun 6, 2008 - 7 answers

Why are many financial institutions moving to a two-step login process, where you enter your username on one page and then your password on the next? For instance, Vanguard and ING. Their rationale is just that it's "more secure", but that's not much of a reason.
posted by smackfu on Aug 20, 2006 - 13 answers

I'm trying to get my application (VB, but that doesn't matter) to connect to the internet and support proxy servers that require a username and password. The former is easy, the latter not. What I'm doing is sending Proxy-Authorization: Basic [authentication] in the header (where [authentication] is "username:password" base64 encoded) with each request. However the proxy server keeps reporting error 407 (authentication required). I've read the RFC's, I've read google groups but I have no idea what I'm doing wrong. Any ideas?
posted by ralawrence on Apr 30, 2004 - 2 answers

What's the best way to keep track of an escalating number of logins and passwords? For the web, there's Opera's magic wand, but what about hosting accounts, ftp servers, ATM PINs, etc? Encrypted text file on the desktop? Scribbled note under the pillow? How do you manage (and hide) your password library?
posted by muckster on Jan 31, 2004 - 17 answers