Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Banks 'wasting millions' on two-factor authentication
John Leyden, The Register 2005-03-15

Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.

Comments Mode:
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
Bruce K. Marshall (3 replies)
Yes, we must be concerned with the other avenues of attack on Web transactions. But Mr. Schneier shouldn't pretend that beefing up authentication is without merit. We have decent countermeasures to MITM and trojan attacks now. It is called SSL and anti-virus/spyware software.

What we don't have is an industry accepted standard for enforcing good password selection -- a truly sad predicament. And since two-factor authentication effectively eliminates that concern we can actually start deterring script kids that just grab a password combo list off the Internet.

There will be sophisticated attackers who will still commit fraud using keystroke loggers, phishing attacks, session ID prediction, etc. But we haven't given up on any other security solutions just because we knew it would only raise the bar and not eliminate the risk.

Bruce K. Marshall

www.PasswordResearch.com

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/10694/30897#30897
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
bwatson_at_nettracers.com
SSL 2005-03-16
Rory Alsop
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Comic Book Guy
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Lavid Detterman
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Don't we all have one of these guys at work? 2005-03-15
Anonymous
There is no solution though 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Marcus Augustus
Banks 'wasting millions' on two-factor authentication 2005-03-16
LiquidBrain
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymos
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymos
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
so called "expert" 2005-03-16
Anonymous (1 replies)
Re: so called "expert" 2005-11-18
twofish
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Scott, posted by Fred
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
It's too late.... 2005-03-16
en0k
Banks 'wasting millions' on two-factor authentication - Holy Grail 2005-03-16
Anymouse
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-17
lovebug.org







 

Privacy Statement
Copyright 2008, SecurityFocus