Use safes, not banks.
Most people can’t secure their various online accounts properly, let alone their bank accounts. Sure, I may be basing this primarily on anecdotal evidence and simple observations, but I don’t have much faith in people’s account security measures, particularly when most people are more prone to using keywords for passwords than they are true alphanumeric combinations.
Bank security is more limited, however, since ATM codes are purely numerical. While a random combination may be statistically difficult to find, most people don’t choose random combinations of numbers as their PINs. Even worse, it seems that the security on which ATMs are built is algorithmically flawed, but Citibank doesn’t want people to know the truth. In fact, their gag order was set to prevent crypto experts from identifying ATM security flaws to the public, even though, crypto experts argue, the academic community should have a right to know.
Admittedly, if the public at large knew about these security flaws, particularly if these flaws are significant in scope, it could open up banks (and thus, the investor) to losing money. Whether or not this should result in a complete gag order, however, is not something one should be quick to answer.
More information on the mathematically sound process to crack a PIN in 15 tries can also be found at The Register, with appropriate links to more technical explanations.
If anything comes of this, I hope it’s that Citibank and other financial organizations put some quality research into better, more secure methods of keeping PINs under lock and key, as it were. Perhaps, even, it’s time to consider smart cards and more “futuristic” methods of bank security for the individual.