Secret Knock Can't Be Far Behind
The UK's Barclays Bank is beginning to use two factor authentification for transactions online to combat fraud. They are supplying 500,000 customers with a PINsentry device that would make it imposible for a phishing scam to clean out your bank account by simply getting their hands on your log-in password.
While broadly welcomed, many in the industry have been concerned at the slow introduction of two-factor authentication.
"It has taken banks a while to get round to tokens because it is a cost to them," said Tony Redmond, chief technology officer at HP Services and HP Security.
"Some bankers have said that this is because it is more expensive to introduce tokens than the cost of the fraud because they can offset the losses against tax.
"But they are now being forced to introduce them because of the damage to reputation."
You really can't have too much security on your bank accounts if you bank online. Two factor authentification wouldn't stop so-called "man-in-the-middle" realtime attacks, but the vast majority of stolen information is collected for use at a later time, and so would be made useless. PayPal is also considering using two factor authentication, and is in a beta testing program right now.
