Friday, April 17, 2009

2FA is Needed for Online Services

Will 2FA use transcend online banking?
By Vivian Yeo, ZDNet Asia
Friday, April 17, 2009 07:25 PM

SINGAPORE--Two-factor authentication (2FA) is starting to become available for online services other than banking and remote logon to corporate networks, but it remains to be seen whether consumers will take to it.

Local security technology firm Data Security Systems Solutions (DSSS) is set to showcase a new two-factor authentication service for online services at the RSA Conference next week. Called BetterThanPin, the service is unique in that it allows consumers, rather than service providers or enterprises, to initiate stronger authentication for the online services they deem important, said Tan Teik Guan, the company's chief executive and chief technology officer, in an interview Friday with ZDNet Asia.

The BetterThanPin service requires a user to create an account on the BetterThanPin portal and register the online accounts. (Editor's Note: IMHO, that makes it "worse than PIN" because it's done on the web. Anything done in the browser space is hackable.)

During the sign-up process, the user is also asked to select the preferred mode or token of receiving the weekly-generated passwords. These temporary passwords--six-digit numbers--will be added to the string of characters in a user's static password for a particular account.

According to Tan, the service currently only allows users to initiate 2FA for their Gmail accounts. However, it is also ready to manage Facebook accounts, and there are plans to include Yahoo Mail and Skype to BetterThanPin. The service is also envisioned to be compatible with hardware and software tokens.

Starting next week, DSSS will initiate a trial for Gmail users, he added. The company is targeting 1,000 users of different demographics globally to participate in the trial, which will last till August.

"From the feedback, we will decide whether to continue [developing] the service [and] what [other] online services to ready [it for]," said Tan.

The company has so far been focused on developing BetterThanPin, which uses existing authentication technology by DSSS, and paid scant attention to the commercial viability of the service, admitted Tan. However, he said the service could eventually be offered through the cloud by service providers, in individual enterprise deployments such as Intranet sign-in or directly to individuals.

Should DSSS market the service direct to consumers, it may include advertisements sent with the temporary passwords as it would not be realistic to offer the service for free long-term to consumers, he noted.

DSSS is not alone in trying to introduce stronger authentication for online services. Last month, Vasco Data Security announced in a media release that customers of Square Enix would be offered stronger authentication to access content and services by the Tokyo-based video game company.

With the move, Vasco noted the popular massively multiplayer online role-playing game, Final Fantasy XI, would be the first online game in Japan to make use of one-time passwords for authentication.

Citing statistics released by Japan's Ministry of Internal Affairs and Communications in February, Vasco said there were nearly 2,300 cases of fraudulent access to online services in the country last year--a 26 percent increase year on year. Over half of the cases involved online auctions, while some 457 were related to online games.

Security vendors, including Sophos and Symantec, have also, in the past, warned of cybercriminals tapping on malware such as Trojans to steal credentials of online gamers. With the growing number of online game sites and players, it was increasingly lucrative for malware writers looking to profit from online assets.
