« Connoisseurship of Smartphone Chaos | Main | Bring your Cloud to Work in Iraq »

Comments

Slonob

It must not be bad enough to warrant change from the perspective of the banks. It all comes down to money with these bankers after all.

I will cheer when my bank finally offers strong authentication. I would love to use my shiny new, flat as a credit card VIP card (by InCard). But I'll also gladly do one time codes to SMS.

Again, they don't really seem to care. Apparently it doesn't cost them enough.

I would actually love to see service providers abdicate all identity responsibility. I would love to see them consume only a trusted, verifiable authorization decision. Let me pick my IDp. Let something else assert authorization based on trusting my IDp.

Of course, I know you're talking about all of the Ns in the N tier participating in authorization. We both know how well that's implemented.

I'm working on audit logging as the first step. I want audit logs to SCREAM that authorization is not properly implemented.

mcse

will cheer when my bank finally offers strong authentication. I would love to use my shiny new, flat as a credit card VIP card (by InCard). But I'll also gladly do one time codes to SMS.

clark

will cheer when my bank finally offers strong authentication. I would love to use my shiny new,mcse flat as a credit card VIP card (by InCard). But I'll also gladly do one time codes to SMS.

The comments to this entry are closed.