Skip to main content

Two factor authentication outdated?

According to the article below from The Register (quoting Bruce Schneier), two-factor authentication seems already be outdated. I believe, we should take a careful approach here: Two-factor authentication is certainly better than just user-id and password. Especially online banking in the US has been using just user-id/password and now they are paying the prize for this lax security measure. Stepping up to use onetime passwords (such as RSA SecurID or Aladin tokens) is a first step against sniffing out passwords. However, there is no such thing as complete security. But two-factor authentication is a first step. As every Information Security Officer nows, user awareness is key to increase security. By giving user a device, this awareness increases dramatically.

Link to original article.


New threats need new response


Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.

[The Register]

Comments

Nonesuch said…
Nobody has claimed SecurID or other 2-factor authentication schemes to be a panacea.

But they are absolutely a security enhancement; they force the attacker to operate in realtime, making the attacker move from a simple "store and forward" password stealing attack to a much more sophisticated MITM approach.

Most attackers go after the low hanging fruit first. If WAMU uses tokens but CITI still relies on reusable passwords, which banking site will be targeted?
Thursday, March 17, 2005 at 9:50:00 AM GMT+1
Post a Comment

Popular posts from this blog

Requegesis

Requegesis is the critical interpretation of requirements. It’s at the same time an art and methodical approach to understand history, origin, background (also cultural), criticality and validity of requirements. The goal of requegesis is to find the best functional response to requirements while taking liberty in their interpretation. The word “requegesis” itself is a portmanteau - a linguistic blend - of the two words “requirement” and “exegesis”. The first part of the word “requ” is used in the traditional sense of the " singular documented physical and functional need that a particular design, product or process must be able to perform ". The second part of the word exegesis (from the greek “to lead out”) is the “ critical explanation or interpretation of a text, particularly a religious text. “ I think exegesis with the connotation of being used for religious texts underlines the way some requirements being treated as sacrosanct rather than critically interpreted ...
Post a Comment
Read more

Sony is evil

I just so agree with Todd: Bad Company of the Year Award! : The company that I am putting at the top of my list is a 4 letter word so foul, that it has been banned from my home. I have asked my wife who is Japanese to refrain from buying any of their products for the next 5 years. The Bad company of the year is no other than SONY… Sony is just a big no-buy company. My girlfriend knows why Sony is evil and we both will rather buy a more expensive or less appealing product from a competitor. " Sony is evil " has only 726 hits on Google, but this will increase. Edit: More about the damage Sony does: Artists revolt against DRM Portable stereo's creator got his due, eventually
Post a Comment
Read more

The seduction of "good enough"

Seth Godin once again speaks from my heart. I think that good enough is far away from being sufficient anymore. Think about common household goods: The current business plan for creators of measuring cups and other household items is: cheap, one size fits all and throw away in two years to buy again. I recently was at the local IKEA to buy a new measuring jug, but they only had cups with metric and imperial measurement system - and none of them were made of glass, all plastic. I don't want another measuring systems on my cup. This may sound narrow-minded, but I regard those different systems utterly confusing - especially when I'm cooking. I addition, the letters on these plastic cups vanish after a year or two. I went and ordered a glass measuring jug , made from Jena glass in Germany. It wasn't expensive. And it feels light and solid. It's made in Europe. It only has metric marks on it. It will be good for a lifetime. That's a product, that can't be made any b...
Post a Comment
Read more