Stronger Onlne Bank Security

The AP reports that U.S. federal regulators have sent a letter to banks saying they should go beyond passwords to two-factor authentication by the end of 2006. There are all sorts of possibilities for what the other factor might be, from cell phone acks to a physical gizmo that emits a code to use. I’m betting banks will ask what your last payment for x purpose was.

Dan Gllmor reports a bank he used only a few years ago still used social security number as logn name. He says:

I don’t keep much money at that bank anymore.
Banks are probably worried that more people will do what Dan did, thus limiting their online reach.


2 thoughts on “Stronger Onlne Bank Security

  1. Axel Eble

    Two factor authentication in itself doesn’t cut it. It’s transaction authorization that’s needed: every transaction has to be authorized by two-factor authentication, possibly with one-time passwords (be they pre-shared lists of OTPs or on-the-fly generated ones).
    This would make life for phishers so much harder (and it’s actually something that’s implemented all over Europe in a more or less pervasive manner).

Comments are closed.