Banks 'wasting millions' on two-factor authentication

Banks 'wasting millions' on two-factor authentication
John Leyden, The Register 2005-03-15

Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.

Expand all | Post comment

I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
Bruce K. Marshall (3 replies)

I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
bwatson_at_nettracers.com

SSL 2005-03-16
Rory Alsop

Sadly SSL is not a cure for MITM attacks. There are easy to use tools available on the Internet which allow the hijacking of SSL sessions, spoofing to redirect communications, and the easiest option - exploitation of the end user's PC (by Trojan or similar): compromise of the end point removes almost all layers of protection. SSL certainly becomes pointless in that scenario.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/10694/30930#30930

I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-16
Anonymous

Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous

Banks 'wasting millions' on two-factor authentication 2005-03-15
Comic Book Guy

Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous

Banks 'wasting millions' on two-factor authentication 2005-03-15
Lavid Detterman

Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous

Don't we all have one of these guys at work? 2005-03-15
Anonymous

There is no solution though 2005-03-15
Anonymous

Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous

Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous

Banks 'wasting millions' on two-factor authentication 2005-03-16
Marcus Augustus

Banks 'wasting millions' on two-factor authentication 2005-03-16
LiquidBrain