Two-factor authentication will not help to reduce soaring phishing levels, experts at the e-Crime Congress in London warned today.
One UK bank is currently considering the introduction of two-factor authentication, where customers receive a key fob which displays a constantly changing password that allows them to access their online accounts.
But the technology received a resounding thumbs down from experts at the conference, despite being widely touted as the next generation of user security.
"There are a whole bunch of things that can go wrong with two-factor authentication," said Ross Anderson, professor of security engineering at Cambridge University's Computer Laboratory.
"Banks are resisting because their technical staff know that it will be expensive to introduce and will not be effective. Some banks will introduce it, it will be quickly broken and then quickly forgotten."
Anderson explained that two-factor authentication is vulnerable to so-called 'man in the middle' attacks in which a phishing site takes the pass code and uses it immediately.
Customers would also be vulnerable to muggings for their authentication tokens, and the technology would have no effect on other online crime.
Despite the technical failings of two-factor authentication consumer demand for the devices is high.
Joseph Sullivan, associate general council at PayPal, said: "We are looking at two-factor authentication.
"We were told that it would not be popular, but started a beta programme two months ago. Demand has far outstripped supply."
Experts rubbish two-factor authentication
By Iain Thomson on Mar 28, 2007 10:27AM