Passwords Passe at RSA Security Conference

Wired News: Passwords Passe at RSA where it appears that phishing and pharming are being addressed by the banking industry due to high profile cases of data theft, which then lead to identity theft and which got them nervous about losing too much money. But the vast majority of those losses occurred due to weak security, not at banks, but at data brokers and poorly protected retail credit and debit card databases.

Of course the banks and large retailers are rightly tightening security for online transactions and their own internal networks. I called my bank yesterday to retrieve my online login information and went through the usual ID verification questions to get it - and then was shocked as I attempted to login while he held the phone and when I made a typo and that login failed, he said, "No, that's not it" from his place on the other end of the phone. I was startled that he could watch my login attempts live.

Interesting, but security industry attention should be focused on the source of the original losses of data - brokers who sell the information used to steal from the banks to crooks. How interesting that security experts are looking at protecting secondary targets against loss when it would seem the attention should be on the primary source of the information that leads to further losses.

Save To Del.icio.us    Digg This!