, The Register 2005-03-15
Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.
Expand all |
Post comment
I'd hardly call even a temporary drop in fraud "wasting millions"
2005-03-15
Bruce K. Marshall (3 replies)
Bruce K. Marshall (3 replies)
I'd hardly call even a temporary drop in fraud "wasting millions"
2005-03-15
bwatson_at_nettracers.com
bwatson_at_nettracers.com
For example, I could spoof an SSL website for a bank and even with an SSL security warning, probably 75% of people accessing the site would ignore the warning and continue anyway. How do you prevent that?
The average Jane/Joe computer user just wants security taken care of for them without having to think about it.
What we need is a way to have 100% enforcement in the background without the end users having to make any choices.
Of course until people/companies really start losing massive amounts of money due to fraud, probably nothing will happen.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/10694/30907#30907