Friday, September 25, 2009

The Password is...Two Factor Authentication



Editor's Note: Sounds like the author of this article is my kind of guy...



1. Take everything he says about "company passwords" and apply it to "online banking."



2. Then combine what he says with the ongoing and growing threats caused by Trojans which eat up online banking credentials like PacMan swallows dots...



3. Now take into account (pun intended) that 49% of all online banking customers would switch banks if they or someone they know was a victim of a breach.



4. Add to the equation the fact that there is a lawsuit claiming that Citizen Bank's "username" "password" authentication was too weak to protect a customer's account integrity...which a judge ordered to go to trial.



5. Finally, examine how much banks are spending on not only losses incurred by fraud, but all the useless promotions banks run, such as $100, $150 and $200 cash giveaways, DVDs, LCD TVs, Smokey Joe Grills...iPods, GPS Systems, etc. None of those promos protect either the bank or the online banking consumer.



It doesn't take a wild (or vivid) imagination to envision how logical it is to stop giving away $150 to get a new customer and start protecting the ones you have. Give away a HomeATM so they can Swipe Their Card/Enter Their PIN (the same way they pull cash from an ATM).



Banks would retain their current customers (vs. risking 49% of them) and the bank would attract the 49% who leave banks because they DON'T HAVE Two-Factor Authentication.



Like I've been saying...it's a no-brainer!








"Two-factor authentication is bound to supersede traditional physical layer security, providing numerous reseller opportunities"



Written by John Turner - CRN, Sep 2009



Company passwords are only secure if strict policies control how they are used and formulated. Because a password change is required every 60-90 days, users often resort to writing down passwords. But they can be guessed and stolen easily, which leaves businesses open to threat.



HID Technology estimates that password resets cost businesses $200 (£121) per user per year in lost time and productivity.




Investment in two-factor authentication (2FA) may provide a solution, along with healthy reseller margins.

Combining a PIN with a second factor (a card) increases security as well as user convenience. Instead of having to remember a 10-character password, users can use a card and PIN, just as if they were at a cash machine.





This provides an extra layer of protection; the other provides a backup.  And setting up two different authentication systems that work in tandem means resellers that can provide installation support will be one step ahead.  There are numerous opportunities available around 2FA to increase margin and expand offerings.



As system administrators are beginning to wake up to the dangers of relying solely on usernames and passwords, 2FA is proving to be a viable solution to improve security, lower costs, mitigate risk and strengthen compliance for end-user organizations.




With solutions available that are not only secure, but also affordable and simple to install and maintain, the reseller opportunities are similarly beginning to measure up.




John Turner is head of IP physical security at Computerlinks




