Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Banks 'wasting millions' on two-factor authentication
John Leyden, The Register 2005-03-15

Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru.

Comments Mode:
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
Bruce K. Marshall (3 replies)
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-15
bwatson_at_nettracers.com
SSL 2005-03-16
Rory Alsop
I'd hardly call even a temporary drop in fraud "wasting millions" 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Comic Book Guy
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Lavid Detterman
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Don't we all have one of these guys at work? 2005-03-15
Anonymous
There is no solution though 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-15
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Marcus Augustus
Banks 'wasting millions' on two-factor authentication 2005-03-16
LiquidBrain
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymos
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymos
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
so called "expert" 2005-03-16
Anonymous (1 replies)
Re: so called "expert" 2005-11-18
twofish
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Scott, posted by Fred
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
It's too late.... 2005-03-16
en0k
Banks 'wasting millions' on two-factor authentication - Holy Grail 2005-03-16
Anymouse
Banks 'wasting millions' on two-factor authentication 2005-03-16
Anonymous
Banks 'wasting millions' on two-factor authentication 2005-03-17
lovebug.org
I would tend to have to agree with some of the previous posts. I really do not see why two-factor authentication is useless when this article is about people who simply supply a username and password. There is no two-factor authentication occuring.

However, even with two-factor authentication it is possible to piggyback through a trojan or something of that nature. However, that does not make it useless. It would then requrie that person to actively be watching for this connection to occur and take advantage of it while the session was still valid -- assuming this did not cause some sort of intrusion detection as a result of multiple simultaneous requests. I mean two-factor authentication is also useless if someone has a gun to my head and is forcing me to login for them.. so what?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/10694/30961#30961




 

Privacy Statement
Copyright 2009, SecurityFocus