Should Online Banking Use Flash for Verification? 139
A user asks: "One of my banks has instituted a new 'Secure Sign-in' setup. They allow you to register your computer with them so that you don't have to go through the new extra security steps. This involves the use of cookies -and- Flash Objects: 'Adobe Flash objects store data in much the same way that cookies do on your computer. If you have Flash installed, we can recognize your computer in the event that you erase all your cookies.' This requirement of Flash will probably negate my ability to access my bank account when running Linux on my PowerMac since Flash Player is not available for it(haven't tested it yet). However, the real question is: Is Flash a good, secure option that a bank should use to help identify you?"
Why flash? (Score:1, Informative)
I don't like flash shared objects (Score:1, Informative)
Uh, no. (Score:3, Informative)
As part of a multi-factor authentication system it can help.
The probably are not using it as the primary authentication (account number, password). (If they are, they'll get shut down quickly.)
If your platform can't handle the Flash, chances are they'll make you go through a longer more customized login procedure, like answer previously arranged "security questions" and so on. It will be slower, but it will work.
There are some pretty aggressive new regulations concerning online banking login methods, so more and more of this stuff will be appearing. They will all still have a primary user/pass combo of some kind though.
Re:Short term memory loss? (Score:3, Informative)
From this article:
From the article you point to:
Adobe Flash Player Version Penetration (Score:2, Informative)
http://www.adobe.com/products/player_census/flash
Security questions (Score:2, Informative)
Not necessarily. It sounds like, if you use the plugin, the bank won't ask you those stupid "security questions" at login time, since they will be able to "recognize the computer."
Ideas for security questions:Comment removed (Score:2, Informative)