Friday, October 13, 2006

User ID and Secret PIN

User IDs and PINs are the common authentication mechanisms for online services these days, and companies are taking pains to deliver this information to clients in more secure ways. These efforts are truly commendable, but the way in which it is actually done leaves much to be desired.

Just today, I found 2 mailers in my letterbox and when I opened them up, one contained the user ID while the other contained the "secret" PIN. Checking the date of postage, the 2 are the same! What sort of security is there when both mailers are sent at the same time and end up together in my letterbox?

Companies implementing security should seriously evaluate whether the measures they have put in place are sensible. This company had good intentions but ended up with a useless implementation.

