

Reverse authentication for banking - jgrahamc
http://blog.jgc.org/2012/05/reverse-authentication-for-banking.html

======
pavel_lishin
I wonder if any scammers would spend the resources banking on the 1/1000
chance of guessing the three numbers correctly.

If you call a thousand people, odds are that you'll be able to convince one of
them you're from the bank. At that point, what are the odds of engineering
them into giving you money?

~~~
rollypolly
If the number of digits is the only thing insecure about this system, it
sounds pretty easy to harden by adding a few extra digits (or letters).

~~~
pavel_lishin
Sure, but that means manufacturing new dongles and mailing them out to
everyone. It would be a significant up-front cost.

