| reply to Tablet
Re: Securing my Certificates said by Tablet:
To make things clear:
When using the online banking I go to a web page and have to input location to the certificate and on the same web page I also input the password.
So a window pops up and ask the certificate? Can you grap a screen capture(s) from that?
quote:
I obtained the certificate on a floppy disk, they gave it to me in the bank and the password was already there protecting the private key, I had chosen the password myself in the web application.
OK.  But a stupid question: Why do they use certificates for this one, it would a lot easier to use one-time-passphrases or verification cards (similiar) to login. Now, you cannot login if you dont carry that disk with you all the time and you CANT use any public computer to login, since if that computer is fitted with trojan horse, it can grap your certificate when you use it yourself!!! If you where using one-time-passphrases (usually 4-8 digit number) there would be no danger or trojan horses since the number you give is only used once (by you) and then its useless.
quote:
What you are describing as Java script error is exactly what I get if I enable option to use FIPS compliant encryption. Only when I disable this option or when I enable TLS I can proceed further and see the actual page.
Intresting! I get the same error when I try to use Nordea banks internet with my IE! Hmmmmmm......Strange. FIPS option should NOT have any effect on SSL/TLS whatsoever!  LOL!
--
My computer security & privacy related homepage »www.markusjansson.net |
