Experts rubbish two-factor authentication

By

Technology will not cut phishing, e-Crime Congress hears.

Experts rubbish two-factor authentication
Two-factor authentication will not help to reduce soaring phishing levels, experts at the e-Crime Congress in London warned today.

One UK bank is currently considering the introduction of two-factor authentication, where customers receive a key fob which displays a constantly changing password that allows them to access their online accounts.

But the technology received a resounding thumbs down from experts at the conference, despite being widely touted as the next generation of user security.

"There are a whole bunch of things that can go wrong with two-factor authentication," said Ross Anderson, professor of security engineering at Cambridge University's Computer Laboratory.

"Banks are resisting because their technical staff know that it will be expensive to introduce and will not be effective. Some banks will introduce it, it will be quickly broken and then quickly forgotten."

Anderson explained that two-factor authentication is vulnerable to so-called 'man in the middle' attacks in which a phishing site takes the pass code and uses it immediately.

Customers would also be vulnerable to muggings for their authentication tokens, and the technology would have no effect on other online crime.

Despite the technical failings of two-factor authentication consumer demand for the devices is high.

Joseph Sullivan, associate general council at PayPal, said: "We are looking at two-factor authentication.

"We were told that it would not be popular, but started a beta programme two months ago. Demand has far outstripped supply."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?