Online security: When two factor fails

Online security is only as secure as its weakest link. Most Web sites require only a user ID and password for access. This is secure unless someone else gets ahold of this information. That's why some financial institutions have started issuing hardware tokens with randomly generated numbers synced up to a server at the bank; in addition to providing a username and ID, the customer must also provide the numbers currently displayed on the token. This too is secure unless someone gets in the middle.

...A password is commonly known within the security field as "something you know." With the advent of keystroke loggers and phishing attacks, it's possible that someone else might know your password as well, so two-factor authentication means that you have a second way to prove your identity. Often this is "something you have," like a fingerprint or a debit card. When you go to a point of sale or a bank ATM, you offer your debit card (something you have) and your PIN (something you know). In the real world, this is basically secure.
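The server-side check behind the hardware tokens described above, as an added example that is not from the original article. It assumes the token follows the standard RFC 6238 time-based algorithm with a 30-second step and six digits (the article names no algorithm); `TokenServer`, `verify` and `source` are hypothetical names. It shows that a current code is accepted from whichever connection delivers it first, and that single-use tracking only rejects a later replay.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code (assumed; the article gives no interval)
DIGITS = 6     # code length (assumed)

def totp(secret: bytes, now: int) -> str:
    """RFC 6238 time-based code (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TokenServer:
    """Bank-side check: recomputes the code from the shared secret and clock."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1   # highest time step already accepted

    def verify(self, code: str, now: int, source: str) -> bool:
        # `source` (who is on the other end of the connection) is deliberately
        # unused: nothing in the code ties it to a session or a channel.
        for step in (now // STEP, now // STEP - 1):   # tolerate one step of drift
            if step <= self.last_used_step:
                continue                               # code already spent
            if hmac.compare_digest(code, totp(self.secret, step * STEP)):
                self.last_used_step = step
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"    # constructed sample secret (RFC 6238 test key)
    now = 59                            # constructed sample clock value
    code = totp(secret, now)            # what the customer's token displays
    direct = TokenServer(secret)
    relayed = TokenServer(secret)
    return {
        "code": code,
        "direct": direct.verify(code, now, source="customer"),
        "relayed": relayed.verify(code, now + 5, source="someone in the middle"),
        "replayed": relayed.verify(code, now + 10, source="customer"),
    }

if __name__ == "__main__":
    print(demo())
```

Because the code proves only that someone currently holds a valid number, the second factor has to be bound to the session or transaction to resist a party in the middle.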

