Why is my World of Warcraft more secure then my bank account?
I was logging into my bank account the other day, and I realized that while the site does have various levels of security, my World of Warcraft account is more secure. I use the Blizzard authenticator system which uses an security token to generate a number, which I then enter so I can log in and play. Why doesn’t my bank have this technology? It’s not exactly difficult to implement, the technology can be licensed (as seen with Blizzard) and you can get software now that will support the encryption that you can install on your phone, which eliminates the need for even the physical security token.
For those not familiar, the way it works is this: you get a small piece of hardware, usually roughly the size of a small key-chain fob. The back of the device has a series of numbers. These are the seed numbers used to start an extremely complicated algorithm which allows the token to generate a seemingly random number combination to use with the login system. It sounds complicated but it’s actually quite easy, and provides a pretty much bulletproof authentication method of security. It works best of course, when you combine a strong password with the random number system. Since the numbers change every 20 seconds, that could be the solution to prevent phishing in most cases. Sure, they might get the username and password, but without that constantly changing number, it wouldn’t do them any good.
I think it all comes down to convenience. Suzy Soccermom doesn’t want to have to carry a security token around with her whenever she wants to pay the electric bill. I understand that. What I don’t understand is if a person (like myself for example) has enough knowledge to be concerned about security, why can’t I get an encryption key? Given the amount of money that’s lost every year to internet fraud, you would think that financial institutions would be all over this idea. In 2007 for example, the losses due to phishing allow equaled more then 3.2 billion dollars. To think that if someone used a $20 piece of hardware, those funds wouldn’t have been lost.
I can see the other side of it. Most people don’t have the knowledge or level of paranoia to worry about this type of security. Plus, if you were to lose your token, or forget it at home, you’re locked out of your account. I get that. But when you consider that you can get a program that you can install on your phone that will do the same thing as a security token, it makes less and less sense to not use this type of technology to protect yourself. I suspect that in the not too distant future, this will be where our financial institutions are going. There’s already been a move toward smartchips in debit cards instead of using magnetic strips. It’s definitely time to do something to beef up the security on your bank account, and it’s going to take people complaining about online banking not being secure enough before it happens.