Revision as of 19:57, 14 September 2006 edit Rdrs~enwiki (talk \| contribs) 101 edits check the discussion ← Previous edit		Revision as of 19:59, 14 September 2006 edit undo Rdrs~enwiki (talk \| contribs) 101 edits mNo edit summary Next edit →
Line 14: TANs are believed to provide additional security because they act as a form of two-factor authentication. Should the physical document containing the TANs be stolen, it will be of little use without the password; conversely, if the login data are obtained, no transactions can be performed without a valid TAN. Should the client system become compromised by some form of [[malware]] that enables a [[cracker][\|malicious user]] to obtain both the login data and a TAN number (in some systems, a TAN is usable for some minutes after the initial insertion), the possibility of an unauthorised transaction is high. It should be noticed that the remaining TANs remain uncompromised and can be used safely, even though action should be taken by the user as soons as possible. Recent research has shown that slightly over half of all [[identity theft]] is committed by an insider, often a family member. An insider would, of course, have greater access and opportunity to gain simultaneous access to both the TAN list and to the user's password. While an improvement over simple single-password methods, it is important to keep in mind that a system's security strength depends on multiple factors.

Transaction authentication number: Difference between revisions