Tuesday, November 20, 2007

Useless typing...

I am pumping gas at the station. And this time it is not the now-expected high price per gallon that makes my mind wander.

I am paying by credit card, so I have been asked for a PIN.

I am always amazed by the random security measures I see. Lately, "two-factor authentication" or even "three-factor" has gained tremendous momentum and is considered a must for certain applications such as remote network access. You can see the familiar "token card" dangling from people's lanyards. But two- (or three-) factor authentication was also a very well known concept in the XVII century. In fact, long before that, the Romans already used some form of it. The "three factors" are features that can be produced to prove identity:
  • Something that only we know
  • Something that we possess
  • Some feature of ourselves that can be shown

We have heard stories where the messenger shows a tattoo or a particular mole on his skin, or maybe shows a medal, a seal or just utters a password.

So it is not a new concept. How do we sometimes fail so miserably at implementing it?

I am just ranting about this useless routine of entering my ZIP code at the pump when I swipe my credit card. It says "to prevent credit card fraud you are now required to enter the ZIP code of your billing address". Granted, it is "two-factor" authentication: something that is in my possession (the card) and something that I know (the ZIP code). That should make it stronger, right?

Well, where the intentions fall to the ground is the "Something that ONLY WE know". Haven't the security gurus at the banks thought about the fact that you usually lose your credit card WITH YOUR WALLET? Yes, where your driver's license is merrily giving away your ZIP code...

1 comment:

Huba Rostonics said...

This is something recently published. Same difference. It all comes back to somebody deciding for others what is supposed to be a private data point.

In Mexico, for example, people cannot introduce themselves properly without mentioning their mother's maiden name. The President is Felipe Calderón Hinojosa and the Chairman and CEO of TELMEX is Carlos Slim Helú.

http://finance.yahoo.com/family-home/article/111722/what-your-facebook-profile-may-be-telling-id-thieves?mod=series-m-article-a