Should Online Banking Use Flash for Verification?

A user asks: "One of my banks has instituted a new 'Secure Sign-in' setup. They allow you to register your computer with them so that you don't have to go through the new extra security steps. This involves the use of cookies -and- Flash Objects: 'Adobe Flash objects store data in much the same way that cookies do on your computer. If you have Flash installed, we can recognize your computer in the event that you erase all your cookies.' This requirement of Flash will probably negate my ability to access my bank account when running Linux on my PowerMac since Flash Player is not available for it(haven't tested it yet). However, the real question is: Is Flash a good, secure option that a bank should use to help identify you?"

Why flash?

[Anonymous Coward]

I hope they're not using flash just to obscure the source code, as it is very easy to get to it with a decompiler like flare [nowrap.de]...

I don't like flash shared objects

[Anonymous Coward]

I don't like flash shared objects. You can disable them outside of flash by fudging up Flash's directory structure (essentially creating a file in place of the directory so flash can't recreate it). Instructions and bash file are available here [elifulkerson.com].

Uh, no.

[jafiwam]

If they are using Flash and a feature intended to help make sure they know you are using a computer you previously used it helps. (Like a cookie)

As part of a multi-factor authentication system it can help.

The probably are not using it as the primary authentication (account number, password). (If they are, they'll get shut down quickly.)

If your platform can't handle the Flash, chances are they'll make you go through a longer more customized login procedure, like answer previously arranged "security questions" and so on. It will be slower, but it will work.

There are some pretty aggressive new regulations concerning online banking login methods, so more and more of this stuff will be appearing. They will all still have a primary user/pass combo of some kind though.

Re:Short term memory loss?

[Bogtha]

From this article:

This requirement of Flash will probably negate my ability to access my bank account when running Linux on my PowerMac

From the article you point to:

The official Adobe Linux Flash blog has announced that Flash player for x86 Linux is now final

Adobe Flash Player Version Penetration

[jamesbulman]

Just to sprinkle some numbers into the discussion...

http://www.adobe.com/products/player_census/flashp layer/version_penetration.html [adobe.com]

Security questions

[MCZapf]

This requirement of Flash will probably negate my ability to access my bank account when running Linux on my PowerMac since Flash Player is not available for it(haven't tested it yet).

Not necessarily. It sounds like, if you use the plugin, the bank won't ask you those stupid "security questions" at login time, since they will be able to "recognize the computer."

Ideas for security questions:

• What is the name of the second-largest river that flows through the town where your grandmother on your father's side bought her first four-door car?
• OK, what's your REAL password?

Comment removed

[account_deleted]

Comment removed based on user account deletion