>> Does your bank request/require that you change the PIN >> on your ATM card every few months?
> ATM cards are not passwords, they are a coarse form of two-factor > authentication - You have the card, you have the PIN. > You have to possess both in order to transact - at least in in theory. > Compare that with the secrecy surrounding the CVV - the "last three digits > on the number on the back of the card" which you are "not meant to tell > anyone" and which _will_ be different if your card is lost/stolen and > reissued. If I'm not supposed to not "tell anyone", why is it even printed where I can read it? ---- [Context is only having so-many brain cycles to memorize passwords.] > It's harder as we get old. Use technology to aid with the heavy lifting. :-) Right. But the meta problem is figuring out which technology to trust. Phishing is the tip of the iceberg on social engineering. So far, the bad guys are winning. -- These are my opinions. I hate spam.
