Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Banks 'wasting millions' on two-factor authentication
John Leyden, The Register 2005-03-15

Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.

Comments Mode:
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
Bruce K. Marshall (3 replies)
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
bwatson_at_nettracers.com
SSL 2005-03-16
Rory Alsop
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Comic Book Guy
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Lavid Detterman
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Don't we all have one of these guys at work? 2005-03-15
Anonymous
There is no solution though 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Marcus Augustus
Banks 'wasting millions' on two-factor authentication 2005-03-16
LiquidBrain
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymos
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymos
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
so called "expert" 2005-03-16
Anonymous (1 replies)
Re: so called "expert" 2005-11-18
twofish
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Scott, posted by Fred
It sounds like Bruce is saying that due diligence (such as hard tokens) is not worth the expense or effort simply because it will not keep out a determined intruder? Why do we bother putting fences around secured buildings - it will most certainly not stop a determined intruder, he will simply climb over or break through it - what it does do however, and does very well, is keep out the majority of intruders that feel that the effort is not worth the gain - and at the very least it will slow down the determined intruder (and as you know - time is everything when trying to stop an intruder, a honey pot does not stop him, but does slow him down enough for you to formulate and effective block or counter strike.....). I am very disappointed in Bruce, ever since I read "secrets and lies" I have held his opinion in the highest regard but know I think he should stick to encryption - due diligence is obviously not his strong point....

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/10694/30941#30941
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
It's too late.... 2005-03-16
en0k
Banks 'wasting millions' on two-factor authentication - Holy Grail 2005-03-16
Anymouse
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-17
lovebug.org







 

Privacy Statement
Copyright 2009, SecurityFocus