Friday, December 09, 2005

The Reverse Password

There is a ton of internet fraud these days. One way that fraudsters can get a hold of your account information is by spoofing a website. They create a website that looks identical to a legitimate one. When you want to log into the fake site, they basically steal your login information and password.

Why don't we see more use of the Reverse Password? Some sites have already begun doing this, but it's really quite rare from what I've seen. The Reverse Password is a simple scheme... when you first enroll or create an account, you specify a login name, a primary password, a secondary password, and also a reverse password of your choosing. The secondary password can be as simple as an answer to one of the standard "identify yourself" questions (e.g. What is your mother's maiden name?, What is your favorite hobby?, etc).

Now, when you log into the site, you enter your username and primary password. You are then shown the reverse password, which ensures that the site is the same one that you think it is. Finally, you are asked to enter a secondary password to gain access to your account. One benefit is that if you are ever given an incorrect reverse password, you can immediately get in touch with the site you are trying to access to let them know of a potential security breach.

Maybe the reason this hasn't gotten too popular is that it is too complicated a process, but I feel that it makes sense. Recently, Bank of America has implemented a Reverse Password scheme. It isn't exactly like the one I described, but it more or less accomplishes the same thing in a similar fashion. A quick description of how their system works can be found by clicking here.

What do you think? Have any sites you frequent begun using a Reverse Password?

No comments: