Wish-It-Was-Two-Factor
Our friends over at Worse Than Failure have posted a pretty funny article about implementing “bank-level security”.
The idea behind two-factor authentication isn’t too complicated. Simply (1) verify that a user knows something, and (2) verify that he physically has something. This could be done with (1) a name and password, and (2) one of those key fob things or even a print-out of one-time-use codes.
Banks, however, weren’t too happy with the requirement of implementing such “costly” changes and instead chose to invent the Wish-It-Was Two-Factor authentication. In this method of authentication, they (1) verify that a user knows something, and (1, again) verify that a user knows something else.
Two-factor security does not mean you know your password and your high school mascot; it means you know something and have something. Hopefully the FFIEC will consider holding banks more stringently to their standard.
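The difference can be enforced in code by counting factor categories rather than prompts. The sketch below is an added example, not code from this post or from any bank; the names (`enroll`, `login`, `CHECKS`) are hypothetical, and the possession factor is the printed sheet of one-time codes mentioned above.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

KNOW, HAVE = "something you know", "something you have"

def _digest(secret: str, salt: bytes) -> bytes:
    # Store slow salted digests, never the raw secrets or codes.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    password: bytes      # digest of the password
    mascot: bytes        # digest of the "security question" answer
    unused_codes: set    # digests of printed one-time codes not yet spent

def enroll(password: str, mascot: str, n_codes: int = 5):
    """Create an account and return it with the code sheet to print."""
    salt, sheet = secrets.token_bytes(16), set()
    while len(sheet) < n_codes:
        sheet.add(f"{secrets.randbelow(10**8):08d}")
    acct = Account(salt, _digest(password, salt), _digest(mascot, salt),
                   {_digest(c, salt) for c in sheet})
    return acct, sorted(sheet)

def _spend_code(acct: Account, code: str) -> bool:
    d = _digest(code, acct.salt)
    if d not in acct.unused_codes:
        return False
    acct.unused_codes.remove(d)   # one-time use: a replayed code fails
    return True

# Ordered so the printed code is checked last and never burned on a bad password.
CHECKS = {
    "password": (KNOW, lambda a, v: hmac.compare_digest(_digest(v, a.salt), a.password)),
    "mascot": (KNOW, lambda a, v: hmac.compare_digest(_digest(v, a.salt), a.mascot)),
    "printed_code": (HAVE, _spend_code),
}

def login(acct: Account, presented: dict) -> str:
    # Count factor categories, not the number of prompts answered.
    if {CHECKS[name][0] for name in presented} != {KNOW, HAVE}:
        return "denied: one factor category only"
    for name, (_, check) in CHECKS.items():
        if name in presented and not check(acct, presented[name]):
            return "denied: bad " + name
    return "ok: two-factor"
```

A password plus the mascot answer is rejected before either is even verified, because both fall in the same category; a password plus an unspent printed code succeeds exactly once.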

April 20th, 2009 at 11:36 am
[...] proper security you need real two-factor authentication so that you’re not relying solely on a password (something you know) but something you have [...]