Site icon Liquidmatrix Security Digest

From Schneier: Bank Botches Two-Factor Authentication

From Bruce Schneier’s weblog:

From their press release:

The computer was protected by two layers of security, a unique user-identifier and a multiple-character, alpha-numeric password.

Um, hello? Having a username and a password — even if they’re both secret — does not count as two factors, two layers, or two of anything. You need to have two different authentication systems: a password and a biometric, a password and a token.

(nb. I added in the italics)

This made me laugh my ass off. Thanks Bruce. You made my Friday.

Article Link

[tags]Bruce Schneier, Two Factor Authentication, Internet Banking[/tags]

Exit mobile version