U.S. Regulators Require Two-Factor Authentication for Banks
Two-factor authentication is coming to U.S. banks:
Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.
Bank Web sites are expected to adopt some form of “two-factor” authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.
Here’s more details.
This won’t help. It’ll change the tactics of the criminals, but won’t make them go away. I’ve written about that already (the short version is that two-factor authentication won’t mitigate identity theft, because it’s not an authentication problem—it’s a problem with fraudulent transactions), and also about what will solve the problem.
piglet • October 19, 2005 3:24 PM
Wow, I’m the first!!!!!
Bruce, your thesis that “two-factor won’t help” has been discussed extensively in this forum. Frankly, I am tired of it, and I won’t repeat the arguments that have been brought forward here on many occasions. What I would like to suggest is the following:
1. Please respond to your critics instead of repeating the same ol’ story all over again
2. Present some empirical, real-world evidence. Two-factor-authentication is not a theoretical issue. It has been tried and perfected for many years in several countries so if it “doesn’t help”, then there should be some empirical evidence that fraud rates are not affected by the use of a well-designed two-factor system. If there is any such evidence, please let us know. If not, let us know.