Using two factor authentication: How Safe Do You Wanna Be?
Photo by: alt1040
Customers of Abbey Bank, UK, were quizzed about the nature of online security system they would like the bank to provide to make online transactions safe. An overwhelming two-third of the participants voted against the bank having a two factor authentication system in place for them.
A two factor authentication system requires a user to authorize access to online transactions in two ways. Firstly, using the ordinary login password or PIN and the other by feeding numbers generated by an extra piece of hardware carried along by the user like a token or a smart card. This number would be recognized by the system as it is wired to work in tandem with the tokens or the cards. The numbers change every minute so even if phishers are able to break through and get hold of one number, it would not be useful to them as the number would be valid for just one transaction.
Many banks in the UK (Royal Bank of Scotland, Lloyds, Barclays) are presently using the two factor authentication system to verify online transactions. White House Security also decided recently to employ this system to regulate access. But Abbey customers seem to want none of it.
Customers want online security systems that are foolproof and easy to use
Their main grouse is that while the system does bring in a measure of security, it is however cumbersome for use. Using the system would mean one extra piece of hardware that you would have to carry along wherever you go. And they figure, since it still does not make their transactions foolproof, it is not worth the effort to carry along.
One of the other options present nowadays is the two channel authentication, which apart from overcoming the need to carry extra piece of hardware, is also more robust than the two factor system. The most popular way the system is used is through mobile phones of customers. Whenever customers logon to conduct a transaction, the system would require confirmation from them via SMS before proceeding with the transaction.
While this is better than the two factor system, it still does not present foolproof security. The system is known to be vulnerable to attacks of the Trojan or the Man-in-the-Middle kind.
The other option available is to use Biometrics and authenticate transactions by using, as it is said, what customers are or what they do. This is done by using such physical characteristics like their eyes, voice or facial contours and more popularly, their fingerprints to verify their identity. But this system too has its own drawbacks.
An Ultimate Online Security System is Unreal
In such a scenario, our quest for finding an ultimate security solution will be a misleading one. Contrary to what online advertisements on online security systems would have you believe, no system is unbreakable. It is a question of time when criminals can come up with a way to get around any system. It is a question of how practically useful a method is before they start using it for illicit gains.
A new system may temporarily reduce online crimes of a certain kind. But it would be far-fetched to think that any system can hold up against criminals forever. I think it would be best to put up security measures in line with the gravity of risks you are exposing yourselves to. Taking this line, you can justify whether the money and effort that a new online security system might involve, would be worth it for you or not.
Read a valuable discussion going on since 2005 on the value of two factor authentication and taking a larger perspective on the security issue.
Related posts:
- Barclays Bank Phishing Scam: A shot in the dark?
- Internet ID Card: Personal tool from Siemens IT Solutions and Services and AXSionics promises to curb online con!
- Anti Bot Software should add an extra edge to online security systems
- Death Threat Email: Did you get one recently?
- Safe Online Banking Tips
