Quote:
Originally Posted by stumped
- - - - -
more and more financial sites are now insisting on sms based security features
|
That is only "warm and fuzzy security" features.
Since sms is not encrypted for transmission.
It could be. *
In fact, voice is often not encrypted, although it can be.
That just depends on how cheap your cell phone and your service provider is.
- - - -
* Which gives the financial institution "plausible deniability" if you suffer a loss based on something they send via sms.
I.E:
Not their fault, it is the fault of (pick one or more):
Your service provider (not encrypting sms when they could have),
Your cell 'phone (not supporting encrypted sms because it is too cheap a model)
Your fault (you picked the cell 'phone and the service provider)
And who in the world ever thought a cell 'phone was a secure repository of sensitive information?
It isn't, it can't be, unless physically secured by the owner (which makes it sort of hard to use - unless you can get into the safe in time to answer the call).
The basic of basics:
"No computer system of security can exist when the computer system is itself physical insecure."