Content deleted Content added
intro fix |
That entire chapter was nonsense: uncited, bold, irrelevant claims. It added nothing to the article, and as it's been tagged for over 20 months now without any improvement, so I removed it. |
||
Line 22:
==Key-lock TAN query==
Since a single TAN can be compromised, some banks require a TAN both for the log in and to authorize a set of transactions. For additional security, these have to be non-sequantial and retrieved by using a security challenge. There have been cases of fraud where two consecutive TAN's have been [[phishing|phished]] from a user. To protect against this, each TAN is associated with a "lock number" and randomly selected from a list. The bank server randomly selects a lock number as a challenge; the user then enters the corresponding TAN from the list. Since the order of the TAN's is randomly selected, an attacker can't acquire two consecutive TAN's. Also, because a TAN is associated with a lock number, the attacker can't just randomly select a position on the list — the only thing an attacker can do to steal a TAN is to guess lock numbers. In practice, the attacker should coax the user to write down the whole list of lock numbers and corresponding TAN's, which is clearly implausible.
==References==
| |||