Three or four years ago Howard Schmidt commented that we should have moved away from username and password as an authentication mechanism years before. I recall nodding in agreement with his statement. So I was hardly surprised when the The Federal Financial Institutions Examination Council (FFIEC) issued its guidance calling for the use of second-factor authentication in online banking. In the view of many vendors, this guidance — after an earlier FDIC advisory on internet banking security — “represents a definitive step toward eliminating single-factor authentication by financial institutions.” There are alternative views.
First, it is still "guidance." I would be the last to tell you not to give it your full attention. My regulator, for instance, has made it very clear that we are expected to be "in substantial conformance by December 31, 2006." But the FFIEC did not mandate second-factor authentication. They did ...
Hi! You've reached one of our premium articles. This is available exclusively to subscribers.
It's free to register, and only takes a few minutes.
Once you sign up you'll have unlimited access to the full catalogue of Australia's best business IT content, as well as a daily news bulletin delivered straight to your inbox.
Already have an account? Log in to read this article.