Transaction authentication number: Difference between revisions

Content deleted Content added
No edit summary
check the discussion
Line 12:
In the Netherlands customers of the Postbank can get the TAN codes sent by [[SMS]]. The advantage is that users only get a TAN code when they are initiating a (real) transaction. Several banks use TAN codes sent by [[SMS]] in Hungary.
 
TANs are believed to provide additional security because they act as a form of two-factor authentication. IfShould the physical document containing the TANs isbe stolen, it will be of little use without the password.; On the other handconversely, if athe [[hacker]]login cracksdata theare user's passwordobtained, theyno transactions can notbe process transactionsperformed without thea TAN. This form of two-factor authentication wrongly assumed it was unlikely for someone to gain illegal access to both thevalid TAN, the user's password and additional login details at the same time.
 
Should the client system become compromised by some form of [[malware]] that enables a [[cracker][malicious user] to obtain both the login data and a TAN number (in some systems, a TAN is usable for some minutes after the initial insertion), the possibility of an unauthorised transaction is high. It should be noticed that the remaining TANs remain uncompromised and can be used safely, even though action should be taken by the user as soons as possible.
A trojan named Trojan-Spy.Win32.Bancos.pw is making its way in underground, changing the security landscape once again. This menace intercepts [[https]] traffic, obtaining usernames, passwords and even TAN codes which remains useful in the moments after its robbery.
 
Recent research has shown that slightly over half of all [[identity theft]] is committed by an insider, often a family member. An insider would, of course, have greater access and opportunity to gain simultaneous access to both the TAN list and to the user's password. Two-factor authentication is generallyWhile an improvement over traditionalsimple single-factorpassword authentication butmethods, it shouldis notimportant beto mistakenkeep forin mind that a panaceasystem's security strength depends on multiple factors.
 
[[Category:Authentication methods]]
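Review bot: the added malware paragraph contradicts itself where it says the remaining TANs "remain uncompromised and can be used safely". It has just described a client system compromised by malware that captures the login data and a TAN, so any further TAN entered on that system is exposed the same way. Suggest limiting the claim to unused TANs staying secret until they are entered, and saying the user should stop using the compromised system until it is cleaned. In the same paragraph, "[[cracker][malicious user]" is a malformed wikilink (single closing bracket, no pipe), and "noticed" and "soons" should read "noted" and "soon". The added Trojan-Spy.Win32.Bancos.pw sentence carries no citation, and its wording ("is making its way", "once again") will date quickly; it needs a source and dated or past-tense phrasing. In the rewritten final sentence, removing "Two-factor authentication is generally" leaves "While an improvement over simple password authentication methods, it is important ..." with no subject for the opening clause; keep "two-factor authentication" as the explicit subject.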