Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



HSBC Online Banking Security Flaw Analyzed

Spudnuts US System is Different (178 comments)

As a US HSBC customer, the security that I see is different than the article describes.

The login process is fairly typical (username, password only), but in mid-July 2006, they changed the process so that they are entered on separate pages. I do not understand how this improves security, because the username is echoed back on the password-entry page. There are no additional interactive anti-replay attack features--the username/password form seems to have been simply split to two pages.

The biggest security feature that I have casually identified is that on the Online Bill Payment page, it is necessary to do a second authentication using a Java-based on-screen keyboard (which must be clicked with a mouse). This avoids a simple keystroke logger but is not beyond other attacks (for instance, it would be somewhat easier to shoulder-surf).

more than 8 years ago


Spudnuts hasn't submitted any stories.


Spudnuts has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?