I concur with the others here:

@Troy F.: Interesting discussion which is very very actual in the company I work for as a Dutch company with huge operations in both the US as Asia/Pacific, that also has a NYSE stock listing and therefore has to comply to Sarbanes-Oxley rules.

@bobofat: Sorry, but I am Dutch, and the Dutch are known to really hate to be told 'do not ask questions, just follow the rules'. The first question a typical Dutchman asks when he/she is ordered to do something is ask why ;-)

Well, I am certified as CISA as well, but I do not think that reacting immediately this article should not have been published is the most sensible thing to do.

@Jason:

Scary.

I really can not understand how a post like this made LH. I am not going into the xenophobic discussion, but the facts are just plain incorrect.

At least do not use your own credit card, as a thief in Germany can tell you. This thief tried to break in using his own, the card got stuck and broke in half, forcing him to leave a half behind, he got arrested within a day because his name was on it.

There is no way ever that I could work with any online application, most if not all of the documents I work on are classified at least confidential.

Well, I will stick with Logmein, as iRemotePC needs Java and my work PC does not have any Java VM (nor the possibility to install Java without administrator rights).

@Alan Thomas: 'Very few use tokens because it drives the costs up too high. A few do provide them in the U.S., if you're willing to pay the added monthly fee'.

I am still amazed that websites that involve money in the US still seem to rely on password only.

I have some privacy concerns with this. According to scanRs privacy policy: 'We may store in an aggregated form some or all of the text contained in the images you send'.