Sitekey vulnerabilities article

Aug 25th, 2006

Comments: 0
Category: General Security

Sitekey vulnerabilities article

SiteKey-20060718.pdf (application/pdf Object)
An article detailing some problems with the SiteKey implementation at BofA. I must say I’m not surprised by the one about real-time MITM bypassing the problem, but I’m a little surprised about one of the security processes for login being waived once the user clicks a button on a given PC and moreso that there’s no easy way to remove the bypass from a given PC….
Secondary security questions (well one’s that aren’t likely to be public knowledge anyway) are a decent add-on to an authentication procedure, but I wouldn’t have thought that they were so onerous, that you couldn’t just ask them every time…

Add a comment

Your email address will not be shared or published. Required fields are marked *