Skip to main content

Two factor authentication outdated?

According to the article below from The Register (quoting Bruce Schneier), two-factor authentication seems already be outdated. I believe, we should take a careful approach here: Two-factor authentication is certainly better than just user-id and password. Especially online banking in the US has been using just user-id/password and now they are paying the prize for this lax security measure. Stepping up to use onetime passwords (such as RSA SecurID or Aladin tokens) is a first step against sniffing out passwords. However, there is no such thing as complete security. But two-factor authentication is a first step. As every Information Security Officer nows, user awareness is key to increase security. By giving user a device, this awareness increases dramatically.

Link to original article.

New threats need new response

Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.

[The Register]


Nonesuch said…
Nobody has claimed SecurID or other 2-factor authentication schemes to be a panacea.

But they are absolutely a security enhancement; they force the attacker to operate in realtime, making the attacker move from a simple "store and forward" password stealing attack to a much more sophisticated MITM approach.

Most attackers go after the low hanging fruit first. If WAMU uses tokens but CITI still relies on reusable passwords, which banking site will be targeted?

Popular posts from this blog


LOL; that is a very nice idea; wouldn't it be great if the boxes were recycled ones? I don't really like my pizzas come in boxes, because they always taste like the box...

Dark Twonky writes "Human Beans is selling the perfect gift for the geek who has everything. It's the PowerPizza, a pizza box for transporting your precious laptop in. From the web site: Desirable laptops are desirable to thieves too. Disguise your laptop with a PowerPizza and reduce the risk of getting it nicked." [Slashdot]