From Bruce Schneier’s weblog:
From their press release:
The computer was protected by two layers of security, a unique user-identifier and a multiple-character, alpha-numeric password.
Um, hello? Having a username and a password — even if they’re both secret — does not count as two factors, two layers, or two of anything. You need to have two different authentication systems: a password and a biometric, a password and a token.
(nb. I added in the italics)
This made me laugh my ass off. Thanks Bruce. You made my Friday.
[tags]Bruce Schneier, Two Factor Authentication, Internet Banking[/tags]