Communications of the ACM
In Search of Usable Security: Five Lessons from the Field
IEEE Security and Privacy
Federated identity management for protecting users from ID theft
Proceedings of the 2005 workshop on Digital identity management
Communications of the ACM - Supporting exploratory search
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Usability and privacy in identity management architectures
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Interacting with Computers
hPIN/hTAN: a lightweight and low-cost e-banking solution against untrusted computers
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
| Hi-index | 0.00 |
Security for online banking has changed considerably during the relatively short period that online banking has been in use. In particular, authentication and identity management in the early implementations were, and sometimes still are, vulnerable to various attacks such as phishing. Current state-of-the art solutions include methods for re-authenticating users via out-of-band channels for each transaction. This paper describes a security investigation of this type of solution. The investigation concludes that it protects against certain attacks while still being vulnerable to other obvious attacks. In the near future, it is expected that the remaining vulnerabilities will be exploited as the attackers get more sophisticated. Possible ways of protecting against these future attacks are outlined.