---

hi, i've asked this question on dk.general but was dirceted to this
group

I'm wondering if someone could tell me what kind of authentication
method is Danske Bank using for personal and business customers in
internet banking. I would link to know if they just offer static user
name and password of some kind of two-factor authentication and if so
what kind (TAN, tokens, digital certs, etc.)

Thank you very much for your help.
Tomek

---

Hello

> I'm wondering if someone could tell me what kind of authentication
> method is Danske Bank using for personal and business customers in

Call or send a mail to Danske Bank and ask them, they are the one
to know exactly what you like to know.

Regards Max

---

In article <1131372544.381831.255380@g44g2000cwa.googlegroups.com>, tom wrote:
> hi, i've asked this question on dk.general but was dirceted to this
> group
>
> I'm wondering if someone could tell me what kind of authentication
> method is Danske Bank using for personal and business customers in
> internet banking. I would link to know if they just offer static user
> name and password of some kind of two-factor authentication and if so
> what kind (TAN, tokens, digital certs, etc.)

Home users uses digital certificates. They try to use the same for
business customers. They do not yet support certificates on i.e.
Aladdin eToken, but I am trying to push them into implementing this, as
I am not satisfied with the certificate + password solution in an office
environment. Any local admin / domain admin can get both the certificate
and password by simple means (file + kbd sniffer) for multiple IDs, and
steal a few millions. This is way too easy. and in the business contract,
the bank puts the whole risk on the customer.

It might be OK for a single user, stand-alone machine at home. But I do
not like it. I might be paranoid, but I think the banks are too sloppy,
and not keeping up-to-date.

They currently also has something running over mainframe <-> mainframe, but
they are in the process of closing this down. Not sure if we use SNA or IP
for this.

The other solution they offer, originally for Macintosh users, but becoming
popular with more people is an ActivCard tokencard. 8 digit logon password,
and 6+6 digits challenge/response when verifying transactions. The user
has to purchase it for I think 200 kr. then the solution works with any
java enabled browser (Mac OS, Linux, Windows etc)

I speak only for myself, and not my workplace, which I will not even mention.

---

On 2005-11-07, Povl H. Pedersen <povlhp@acomputer.home.terminal.dk> wrote:
>
> The other solution they offer, originally for Macintosh users, but becoming
> popular with more people is an ActivCard tokencard. 8 digit logon password,
> and 6+6 digits challenge/response when verifying transactions. The user
> has to purchase it for I think 200 kr. then the solution works with any
> java enabled browser (Mac OS, Linux, Windows etc)

No, ActivCard is free now.

--
Andreas

---

Thank you for that guys!

Is the activcard a hardware token or a piece of software?

---

tomek wrote:

> Thank you for that guys!
>
> Is the activcard a hardware token or a piece of software?

It's a hardware token. Footprint of a credit card, but 4-5 times thicker.

Interesting side note: if you give a wrong code 4 times in a row, the card
is closed permanently. It _cannot_ be reopened, so you must get a new
physical card, which takes about a week. That's a free service though.

--
| Christian Iversen | Horses would come upstairs. Not to play |
| chrivers@iversen-net.dk | cards necessarily |