Path: utzoo!attcan!uunet!ingr!crossgl From: crossgl@ingr.UUCP (Gordon Cross) Newsgroups: comp.unix.wizards Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on) Message-ID: <3057@ingr.UUCP> Date: 30 Nov 88 19:18:34 GMT References: <438@amanue.UUCP> <10900@ulysses.homer.nj.att.com> <32305@think.UUCP> Organization: Intergraph Corp. Huntsville, Al Lines: 20 In article <32305@think.UUCP>, barmar@think.COM (Barry Margolin) writes: > > Even without this, there are other safeguards. First and foremost, > the perpetrator needs your card. Of course, if he has your card he > doesn't really need to guess your password, since it is encoded on the > card, so if he knows what he is doing he can simply change it. If he > doesn't have your card, but has instead manufactured a forged card, he > doesn't need your password since he can put whatever password he wants > on it. As I understand it, the only thing encoded on the card itself is the card number (the UNIX equivalent of a user name). The card holder must supply his secret number which the ATM forwards (along with the card number) to the bank's central computer for verification. Presumably this information is encrypted to prevent someone from tapping the transmission... Gordon Cross Intergraph Corp. Huntsville, AL ...uunet!ingr!crossgl