Secure Transactions
Heinz Diehl
htd+ml at fritha.org
Sun Aug 31 08:59:08 UTC 2014
On 31.08.2014, Tim wrote:
> Ideally, for things like banking, you really want to know the
> fingerprint ahead of your first use. They should really give you a hard
> copy of what to expect when you set up your account / get a new card.
I've never seen that a bank has recommended checking the certificates
fingerprint, despite tons of articles in newspapers and on the web
reporting about phishing. Phishing is not a problem if everybody would
check the fingerprint before entering any credentials. You can
clone-copy a website, but you can't fake the fingerprint of the
certificate. It's that easy, and thus not understandable to me why
there is ongoing discussion about phishing. Not that I think global
dissemination of how to check the certificates fingerprint would
eliminate it, but it would at least reduce it drastically.
> The security of personal banking is terrible, anyway. e.g. Try phoning
> them up for help, but be unable to recall your password. They'll help
> you too much.
At least my bank does a f*cking sh*t if I don't appear in person
and show them my identity card.
More information about the users
mailing list