Skip to main content

Two factor authentication outdated?

According to the article below from The Register (quoting Bruce Schneier), two-factor authentication seems already be outdated. I believe, we should take a careful approach here: Two-factor authentication is certainly better than just user-id and password. Especially online banking in the US has been using just user-id/password and now they are paying the prize for this lax security measure. Stepping up to use onetime passwords (such as RSA SecurID or Aladin tokens) is a first step against sniffing out passwords. However, there is no such thing as complete security. But two-factor authentication is a first step. As every Information Security Officer nows, user awareness is key to increase security. By giving user a device, this awareness increases dramatically.

Link to original article.


New threats need new response


Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.

[The Register]

Comments

Nonesuch said…
Nobody has claimed SecurID or other 2-factor authentication schemes to be a panacea.

But they are absolutely a security enhancement; they force the attacker to operate in realtime, making the attacker move from a simple "store and forward" password stealing attack to a much more sophisticated MITM approach.

Most attackers go after the low hanging fruit first. If WAMU uses tokens but CITI still relies on reusable passwords, which banking site will be targeted?
Thursday, March 17, 2005 at 9:50:00 AM GMT+1
Post a Comment

Popular posts from this blog

Sony is evil

I just so agree with Todd: Bad Company of the Year Award! : The company that I am putting at the top of my list is a 4 letter word so foul, that it has been banned from my home. I have asked my wife who is Japanese to refrain from buying any of their products for the next 5 years. The Bad company of the year is no other than SONY… Sony is just a big no-buy company. My girlfriend knows why Sony is evil and we both will rather buy a more expensive or less appealing product from a competitor. " Sony is evil " has only 726 hits on Google, but this will increase. Edit: More about the damage Sony does: Artists revolt against DRM Portable stereo's creator got his due, eventually
Post a Comment
Read more

Why did Microsoft cripple Groove?

I'm currently trying to use Microsoft Groove 2007 as a collaboration tool to gather requirements. What I like about tools like Groove is: - You can open and edit an entry without having to start an additional application (like word, excel) - You can copy and paste pictures (screenshots) directly into an entry - You don't have to save and re-attach changed files - You can work offline - Groove works inside and outside of our network out-of-the-box - We have (as a Microsoft Gold Partner) 100 licenses available What I don't understand about the current offering is that a lot of tools available in the last version have been removed: The following tools and toolsets are no longer available for adding to new or existing workspaces : Contact Manager, Discussion, Document Review, Outliner , Task Manager, Text, Tic- Tac -Toe, Web Links, Welcome Page, Advanced Project Toolset , and Mobile Workspace for SharePoint . (Source: Microsoft Office Groove Help) There is also a large set ...
3 comments
Read more

Passwords Alone Don't Protect Trade Secrets

Another proof that technology alone is not enough to keep important information secret; we'll have to establish policies and processes that explain people the meaning of tagging informaton confidential. Passwords Alone Don't Protect Trade Secrets : " A court ruled that simply password-protecting a file isn't enough to make it a trade secret. "
1 comment
Read more