Tuesday, November 09, 2004

Morgan Stanley online security failure

This one's a real case of usability versus security. Morgan Stanley had to do a quick fix on their online credit card service when someone discovered that his login details were being stored on his PC, so that he only had to enter the first digit of his card number and the rest (including his password) was automatically filled in for him. I think that using your browser to store your passwords is a really bad idea, but in all fairness online banking services are supposed to override this setting and not permit the details to be stored. Apparently no other online bank in the UK allows this (or at least no one admitted it this morning).
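A service can check its own login pages for this. The following is an added example, not code from the original post or from Morgan Stanley: it assumes the override is the HTML `autocomplete="off"` attribute (the post does not name the mechanism) and uses constructed sample forms and assumed field-name hints.

```python
from html.parser import HTMLParser

# Assumed naming hints for sensitive fields; adjust to the site's own field names.
SENSITIVE_HINTS = ("card", "pass", "pin")
IGNORED_TYPES = ("hidden", "submit", "button", "checkbox", "radio")

class AutofillAudit(HTMLParser):
    """Collect sensitive <input> fields the browser is allowed to remember."""

    def __init__(self):
        super().__init__()
        self.form_off = False   # True while inside <form autocomplete="off">
        self.findings = []      # names of sensitive fields left storable

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete") == "off"
        elif tag == "input":
            name, ftype = a.get("name", ""), a.get("type", "text")
            if ftype in IGNORED_TYPES:
                return
            sensitive = ftype == "password" or any(h in name for h in SENSITIVE_HINTS)
            # A field-level attribute overrides the form-level one.
            setting = a.get("autocomplete")
            off = setting == "off" if setting is not None else self.form_off
            if sensitive and not off:
                self.findings.append(name or "<unnamed %s>" % ftype)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def storable_fields(html):
    """Return the sensitive field names that lack autocomplete="off"."""
    audit = AutofillAudit()
    audit.feed(html)
    return audit.findings

# Constructed sample forms (not taken from any real site).
WEAK = ('<form action="/login" method="post"><input type="text" name="cardnumber">'
        '<input type="password" name="password"><input type="submit"></form>')
HARDENED = ('<form action="/login" method="post" autocomplete="off">'
            '<input type="text" name="cardnumber"><input type="password" name="password"></form>')
MIXED = ('<form autocomplete="off"><input type="text" name="cardnumber">'
         '<input type="password" name="password" autocomplete="on"></form>')

if __name__ == "__main__":
    for label, page in (("weak", WEAK), ("hardened", HARDENED), ("mixed", MIXED)):
        print(label, storable_fields(page))
```

Current browsers' built-in password managers generally ignore `autocomplete="off"` on login fields, so this check covers form-history autofill (such as the card-number field) rather than guaranteeing that a password is never saved.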

The bigger issue here is people trying to make their lives easier by making use of automatic logins. It doesn't matter how secure a site or service is if someone can steal your laptop and log into your accounts. It doesn't have to be a bank account to cause havoc - what about someone logging on to your Amazon account? So I think that users need to be careful with their passwords, just as service providers need to be careful with their security.


(c) 2003-2005 Russell Beale