Three or four years ago Howard Schmidt commented that we should have moved away from username and password as an authentication mechanism years before. I recall nodding in agreement with his statement. So I was hardly surprised when the The Federal Financial Institutions Examination Council (FFIEC) issued its guidance calling for the use of second-factor authentication in online banking. In the view of many vendors, this guidance — after an earlier FDIC advisory on internet banking security — “represents a definitive step toward eliminating single-factor authentication by financial institutions.” There are alternative views.