I needed access to a service from Barclays, so I phoned them up to get an access sorted out. I did the usual security questions (account number and so on), and they gave me the username to use, but not the password. The password has to be sent by email. So I gave him my email address, and asked "Why can't you give it over the phone?" "For security reasons." "You mean, to make sure that the password goes to the right person, and not to some random person who phoned you?" "That's right," he said.
That doesn't work, of course. He just sent it to the email address that I gave him over the phone. This is no more secure than giving it to me by phone.
No comments:
Post a Comment