NSW's online betting agency, NetTAB, has been forced to ditch its use of digital certificates in favour of a password-protected system because of continued usability issues.
TAB public affairs manager Peter Fletcher said the agency was forced to downgrade to an earlier generation of security because users had difficulty downloading the installation and complained about lack of portability.
He said downloading was "not simplistic", creating distress for users keen to place a bet.
Users of Public Key Infrastructure (PKI) must nominate one PC for digital certificate authentication. However, Fletcher said NetTAB's 15,000 customers wanted flexibility, as they had computers at home and work as well as a laptop.
Although there hasn't been a single security breach recorded since NetTAB adopted digital certificates in 1997, Fletcher said the agency will implement the new password system on July 24, 2000.
"Security will not be compromised in any way as we will continue to use a very high level of encryption. We had various consultants assess security and received the highest possible ranking, which was on the same level as the banks, especially in relation to our funds transfers," he said.
While Fletcher would not disclose details of the costs associated with the changeover, he said the new system will simplify registration for users at first point of contact and enhance customer relations.
"NetTAB is only a small portion of our business compared to the 100,000 phone accounts we have, but it is a valued segment of our customer base and password access will make it convenient for them," he said.
Network Associates professional services regional director Dean Stockwell said the use of PKI often involves a trade-off between security and usability.
Stockwell said static passwords can be less secure, but with PKI it's usability that often suffers.
"Passwords are much more user friendly and they can be dynamic, but if someone is looking over your shoulder they can go to a PC anywhere and access your account," he said.
"As technology becomes more pervasive we will see the more widespread use of tokens which hold digital certificates such as smart cards, then it won't be an issue."
Stockwell said a good security system should include something you know, such as a password you keep in your head, and something you hold, like a smart card.