03 October 2007

Unnecessary authentication

After a long time I called up my share broker’s customer support. They are one of India’s best and biggest brokers.

I was greeted with an automated message: “please dial your customer id”. I did. And then “please enter your PIN”. I did. And then comes the automated message – “this service is available only between 10AM-6PM”.

Bulldung. If the service is not available, why ask for user id and PIN? Why increase the attack surface unnecessarily?

As I said, security is not just an eight-letter word. It’s a state of mind.