UK’s Nationwide Building Society has implemented a system that should defeat most phishing and keylogging attacks. After entering their customer number (which can be saved on the computer), users must complete two more fields:
- Any one of three previously registered "memorable" data items
- Three randomly selected digits from their six-digit passcode, chosen using drop-down boxes
Users probably don’t much like the changes at first, but it won’t take long before it’s routine, especially since users can select their own six-digit passcode.
Analysis
This system eliminates three problems:
- Users who reuse the same username/password from other sites
- Users with very easy-to-guess passwords, such as their spouse’s name
- Keyloggers that capture typed usernames/passwords
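The partial-passcode check described above can be sketched as follows. This is an added example, not Nationwide's code: the function names and the sample passcode are hypothetical, and it assumes the server can read individual passcode digits. It also measures how many of the possible challenges could be answered from a single observed login.

```python
import hmac
import secrets
from itertools import combinations

PASSCODE_LEN = 6   # six-digit passcode, per the article
ASKED = 3          # three digits requested per login, per the article

def issue_challenge():
    """Pick three distinct 1-based positions with a CSPRNG, in ascending order."""
    rng = secrets.SystemRandom()
    return tuple(sorted(rng.sample(range(1, PASSCODE_LEN + 1), ASKED)))

def verify(passcode, positions, answers):
    """Check the submitted digits against the positions the server issued.

    The positions must come from server-side session state, never from the
    request, otherwise a client could choose which digits it is asked for.
    """
    if len(answers) != len(positions):
        return False
    expected = "".join(passcode[p - 1] for p in positions)
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(expected.encode(), "".join(answers).encode())

def replay_coverage(observed_positions):
    """Fraction of possible challenges fully answerable from one observed login."""
    known = set(observed_positions)
    all_challenges = list(combinations(range(1, PASSCODE_LEN + 1), ASKED))
    covered = [c for c in all_challenges if set(c) <= known]
    return len(covered) / len(all_challenges)

if __name__ == "__main__":
    passcode = "491730"  # constructed sample value, for illustration only
    positions = issue_challenge()
    answers = [passcode[p - 1] for p in positions]
    print("challenge:", positions, "accepted:", verify(passcode, positions, answers))
    # One observed login exposes 3 of 6 digits; only 1 of the 20 possible
    # challenges asks for exactly those positions again.
    print("coverage after one observed login:", replay_coverage((1, 3, 5)))
```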
To learn more about how to promote online security and peace of mind, check out Marketing Security: The sensitive issue of publicizing security and authorization enhancements from our sister publication, the Online Banking Report.