good security should only give you 3 chances before the account and or terminal is locked.You use that, also?
This will require some sort of biometric periferal be installed on every computer from which a bank account will be accessed.
If this thing can figure out my dog's name, my files are toast.
I got one better than that - CubsWinSeries
I don't necessarily care that to sign on to my companies network I need two different usernames, and two different passwords, but the fact that about every four weeks they force us to change them.
For awhile I was using the same combination of letters and numbers, just changing the last number as I was required to change.
They then set it up so you could not use anything similar to the previous password, it must be completely different.
Add this to the other dozen passwords I need, I finally just made a list and taped it over my desk.
(Before anyone gets too excited I should say I work at home, and outside of my wife, nobody ever sees it.)
My point is by making the requirements for password such that it is impossible to remember them all, you in fact make it easier for someone to find where the user has written them down.
good security should only give you 3 chances before the account and or terminal is locked.One factor authenticaion is extinct.
2 factor is where it's at - something you have, something you know.
I don't see how this is that effective against any decent security system.
How do you read the hash for any particular account in the first place? Unless you alread have access to the machine, you can't, forcing you to rely on brute force with this technique. A simple 5-second time delay between retries and/or a limit to failed login attemps can defeat brute-force systems.
A simple encrypted ID file like Lotus Notes uses makes their technique worthless.