From Bruce Schneier’s weblog:

From their press release:

The computer was protected by two layers of security, a unique user-identifier and a multiple-character, alpha-numeric password.

Um, hello? Having a username and a password — even if they’re both secret — does not count as two factors, two layers, or two of anything. You need to have two different authentication systems: a password and a biometric, a password and a token.

(nb. I added in the italics)

This made me laugh my ass off. Thanks Bruce. You made my Friday.

Article Link

[tags]Bruce Schneier, Two Factor Authentication, Internet Banking[/tags]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.