Security Basics
Bank Of Montreal Online Security Oct 26 2012 07:07PM
mrtolton gmail com (1 replies)
RE: Bank Of Montreal Online Security Oct 29 2012 02:05PM
Trey Keifer (trey keifer wireharbor com) (1 replies)
RE: Bank Of Montreal Online Security Oct 29 2012 08:19PM
Alexander A. Kelner (a kelner noc brsi ru) (1 replies)
RE: Bank Of Montreal Online Security Oct 31 2012 02:26PM
Dave Kleiman (dave davekleiman com) (1 replies)
Alexander,

>>> Which password length is more secure - that is a question.<<<

If you used the above statement, just as you typed it, as your password (passphrase), would it not be both much stronger than 6 characters and very easy to remember?

Respectfully,

Dave Kleiman - http://www.ComputerForensicsLLC.com - http://www.computerforensicsexpertwitnesses.com

4371 Northlake Blvd #314

Palm Beach Gardens, FL 33410

561.310.8801

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Alexander A. Kelner
Sent: Monday, October 29, 2012 16:20
To: security-basics (at) securityfocus (dot) com
Subject: RE: Bank Of Montreal Online Security

> From: listbounce (at) securityfocus (dot) com
> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of mrtolton (at) gmail (dot) com
> Sent: Friday, October 26, 2012 2:08 PM
> To: security-basics (at) securityfocus (dot) com
> Subject: Bank Of Montreal Online Security
>
> It's come to my attention that the Bank Of Montreal online security is
> shockingly lax. First of all, regardless of your password length, it
> only cares about the first six characters. Even more insane is it
> doesn't matter what case the letters are, it will allow you access all the same.
>
> On top of this, there's a bug in the iPhone app which will not allow
> you to unsave your card number.
>
> It's a good thing they guarantee 100% of your money against fraudulent
> transfers, because it's only a matter of time.

Hello.

IMHO "shocking laxity" is not as obvious as it may appear at first approach.

Six chars give us about (26+10)^6=2 billion possible passwords.

If their server is smart enough to allow as few as 1 authentication attempt per second for the same account, then you will spend some hundreds of years trying to brute force it.

BUT! The short password can be easily memorized, while the long password must be recorded somewhere (sometimes in a very inappropriate place), and then may be stolen. Which password length is more secure - that is a question.

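The keyspace arithmetic from the quoted message and the passphrase suggestion from the reply, worked through as an added example (not code from any poster on this thread). It assumes the verifier behaves as the original report describes, keeping only the first six characters and ignoring case; all function names are hypothetical.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The sentence proposed as a passphrase in the reply above.
PASSPHRASE = "Which password length is more secure - that is a question."


def canonical(password, significant=6):
    """Model of the reported check (an assumption): only the first
    `significant` characters count and letter case is ignored."""
    return password[:significant].lower()


def accepts(stored, attempt, significant=6):
    """True when the modelled verifier treats `attempt` as `stored`."""
    return canonical(stored, significant) == canonical(attempt, significant)


def keyspace(alphabet_size, length):
    """Number of distinct secrets the verifier can tell apart."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random secret over that keyspace."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(space, attempts_per_second=1.0):
    """Worst-case time to try every value at a fixed throttle rate."""
    return space / attempts_per_second / SECONDS_PER_YEAR


def effective_length(password, significant=None):
    """Characters that still contribute once truncation is applied."""
    return len(password) if significant is None else min(len(password), significant)


if __name__ == "__main__":
    space = keyspace(26 + 10, 6)
    print(f"6 chars, a-z0-9: {space:,} values, {entropy_bits(36, 6):.1f} bits")
    print(f"exhaustive search at 1 attempt/s: {years_to_exhaust(space):.1f} years")
    # Under the modelled truncation the long passphrase is reduced to
    # its first six characters, case-folded.
    print("verifier sees:", repr(canonical(PASSPHRASE)))
    print("effective length:", effective_length(PASSPHRASE, 6), "of", len(PASSPHRASE))
    print("case variant treated as equal:", accepts(PASSPHRASE, "WHICH pass"))
```

A passphrase's length only counts when the verifier compares the full, case-sensitive secret, which is what storing a salted hash of the whole input provides.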
RE: Bank Of Montreal Online Security Oct 31 2012 08:49PM
Alexander A. Kelner (a kelner noc brsi ru) (2 replies)
Re: Bank Of Montreal Online Security Nov 01 2012 02:57PM
Juan F. Campos - Computalleres.com (jfcampos computalleres com) (1 replies)
Re: Bank Of Montreal Online Security Nov 01 2012 06:23PM
Alexander A. Kelner (a kelner noc brsi ru)
Re: Bank Of Montreal Online Security Nov 01 2012 01:53PM
Alexander Meesters (a meesters sansyl com) (2 replies)
RE: Bank Of Montreal Online Security Nov 01 2012 04:24PM
Hough, Kenneth P (kenneth phough WPI EDU) (1 replies)
RE: Bank Of Montreal Online Security Nov 01 2012 06:31PM
Alexander A. Kelner (a kelner noc brsi ru) (1 replies)
Re: Bank Of Montreal Online Security Nov 01 2012 08:36PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Bank Of Montreal Online Security Nov 02 2012 05:09AM
Davin Enigl (davinenigl comcast net) (1 replies)
RE: Bank Of Montreal Online Security Nov 02 2012 10:01AM
Mike Vella (mike bakerross co uk)
Re: Bank Of Montreal Online Security Nov 01 2012 04:12PM
Davin Enigl (davinenigl comcast net)


 
