But we have cracked hardware before...
If you *have* to trust someone, don't.
This assumes that the message sent from the phone can't be spoofed - I'm not sure if an attacker changing his caller ID would be able to get around that.
Well done! Tell us all something we don't know. :-p
It seems that two factor authentication with a two-way SMS message would work. A number sent to the phone must be typed into the computer, and a number shown on the computer must be typed into the phone and sent as a reply to the SMS.
As long as this is part of the key, the key will have its faults.
Social engineering will always enable an attacker to lure people into fake websites or make them install trojans. It is worthwhile making passwords useless to an attacker without the authentication token.
"Technically you might have bought the hardware and software, ..."
That rather depends how reliable my computer is at the moment. For many readers of this blog (and Wired), sure, we don't want people messing with our silicon unless we know about it and approve. But most users already lack control of "what it does, and how the various software components interact" - they quite rightly choose not to spend months learning how to do that.
(Accounts are really "bankgiro" or "postgiro" numbers)
> This sounds complicated but needn't be. To log in, the user would need not only the PIN but also a one time TAN. For each individual transaction, the user would need one additional TAN as usual. This will prevent phishing and Trojan attacks because the attacker can never capture two valid TANs: The first TAN will be expired as soon as the user is logged in. If the attacker prevents the user from logging in, he won't be able to capture a second TAN.
> Can anybody beat this?
Easily. If you have a Trojan installed in your computer, I think I can agree with rcme that it's "game over".
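The quoted login-TAN plus transaction-TAN scheme as a small Python model, added here as an illustration and not code from the post or from any bank: every TAN is single-use, the login TAN expires the moment it is used, and a replayed TAN is rejected whether it is offered at login or for a transfer. The PIN, TAN values and recipient are constructed.

```python
"""Model of the quoted scheme: PIN plus one-time login TAN, then one further
single-use TAN per transaction.  All values are constructed for the example."""
from dataclasses import dataclass, field


@dataclass
class Account:
    pin: str
    tans: set[str]                       # TANs issued to the customer, not yet used
    used: set[str] = field(default_factory=set)
    logged_in: bool = False
    ledger: list[tuple[str, int]] = field(default_factory=list)

    def _consume(self, tan: str) -> bool:
        # A TAN is accepted at most once; anything already used (or never
        # issued) is rejected, so a captured TAN cannot be replayed.
        if tan not in self.tans:
            return False
        self.tans.remove(tan)
        self.used.add(tan)
        return True

    def login(self, pin: str, tan: str) -> bool:
        if pin != self.pin:
            return False
        self.logged_in = self._consume(tan)   # login TAN expires on use
        return self.logged_in

    def logout(self) -> None:
        self.logged_in = False

    def transfer(self, to: str, amount: int, tan: str) -> bool:
        # Each transaction needs its own fresh TAN, as in the quoted scheme.
        if not self.logged_in or not self._consume(tan):
            return False
        self.ledger.append((to, amount))
        return True


def demo() -> dict[str, bool]:
    acct = Account(pin="1234", tans={"482913", "771050", "160347"})   # constructed
    out: dict[str, bool] = {}
    out["login_ok"] = acct.login("1234", "482913")        # first TAN consumed here
    out["transfer_ok"] = acct.transfer("recipient-A", 250, "771050")
    acct.logout()
    # A phisher who captured the login TAN cannot reuse it: it expired at login.
    out["replay_login"] = acct.login("1234", "482913")
    # Nor does the captured TAN work as a transaction TAN in a later session.
    acct.login("1234", "160347")
    out["replay_transfer"] = acct.transfer("recipient-A", 250, "482913")
    return out
```

Nothing in this model ties a TAN to the recipient or amount of the transfer it authorises, which is the gap that makes a Trojan controlling the user's endpoint the remaining problem the reply above refers to.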