Person - web interface - database/server: How do we authenticate when the currency is anonymous? Perhaps use the same principles as Bitcoin itself? Do we allow "anonymous authentication"?
Verisign the website?
Get Andreas Lie to recommend "best practice security architecture" and testing procedures.
- Brute-force password guessing
- "layer below"
- social engineering/password theft
An easy "solution" for providing authentication is to use the established "standard" BankID system. I'm not sure if this is even possible from a legal point of view - i.e. you probably have to operate as an "approved bank" for authorization. I have only seen banks using BankID (Nordea, Skandiabanken, DnBNOR), while brokers like Nordnet use their own password-only system (no "something you have").
Threats: physical break-in