Re: Bank Of Montreal Online Security

[Davin Enigl <davinenigl () comcast net>]

You are fooling yourself guys. If it's published (as below), it's in a 
database and crackable. Better: use OTP tokens. There will be no re-play 
attacks possible.

Besides, keyloggers capture your static passwords no matter what you 
come up with. Use an OTP like Yubikey. I's 44-63 random characters long 
and different every time. Static passwords are obsolete.

On 11/01/2012 01:36 PM, Michael Peppard wrote:
> Take 'old o' the Wings o' the Mornin', An' flop round the earth till
> you're dead
>
> Good luck cracking that password. Kipling's Widow at Windsor for those
> that don't recognize it.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------