BEST OF THE WEB

Two banks join the movement to two-factor authorization

Over the past 12 months the number of organizations adding two-factor authentication to their login process has grown, driven by the rising number of hackers breaking passwords.

The latest, according to a report in PCWorld.com, are two U.S. banks, which have joined Google, Apple, Facebook and others in offering the improved security to customers.

Two-factor authentication requires two pieces of identification – broadly speaking, something you have (a card or a special number) and something you know (usually a password).

In practice, users have to set up logins so a Web site generates a random number sent to a smart phone, which gets entered at the time the password is typed in. Some organizations with demanding security require employees to carry a wireless key fob with them that will receive and display the random number.

Smart phones are ideal for this purpose because an increasing number of people carry them.

To make things practical, two-factor identification is needed only the first time on the user’s regularly used computer; it is needed again when an attempt is made to log in from another PC.
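The login flow described above (a random code sent to the phone, then skipped on a computer that has already passed the check) can be sketched as follows. This is an added example, not code from the article or from any bank's system; the class and method names, the 5-minute lifetime and the 3-attempt limit are assumptions, and sending the code by SMS is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed per code (assumed value)


class SecondFactor:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [code_hash, expires_at, attempts_left]
        self._trusted = {}  # user -> set of hashed device tokens

    @staticmethod
    def _h(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def needs_code(self, user, device_token):
        """True unless this device already passed the second factor."""
        if not device_token:
            return True
        return self._h(device_token) not in self._trusted.get(user, set())

    def issue_code(self, user):
        """Create a random 6-digit code; the caller sends it to the phone."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._h(code), self._clock() + OTP_TTL, MAX_ATTEMPTS]
        return code

    def verify_code(self, user, submitted, remember_device=False):
        """Return (ok, device_token). A code is single-use and expires."""
        entry = self._pending.get(user)
        if entry is None:
            return False, None
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]          # expired or guessed too often
            return False, None
        if not hmac.compare_digest(code_hash, self._h(submitted)):
            entry[2] -= 1                    # count the wrong guess
            return False, None
        del self._pending[user]              # consume the code
        token = None
        if remember_device:                  # skip the code on this PC next time
            token = secrets.token_urlsafe(32)
            self._trusted.setdefault(user, set()).add(self._h(token))
        return True, token
```

The device token returned on success would be stored on the user's regular computer (for example in a cookie), so a login from any other PC still triggers a new code.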

It’s not without flaws: If someone steals your computer they could bypass your PC login by booting into safe mode, scan the system for passwords and thus get around the two-factor process. Enabling the BIOS password on the PC can make that a little more difficult, although one IT consultant we talked to noted that pulling the CMOS battery will let someone reset the BIOS configurations. “There is no foolproof way of locking down a computer,” he wrote.

There is another possible problem: wrong smart phone numbers, wrongly dialed numbers, or even handsets that are turned off. One solution just announced comes from British-based Tyntec, which on Monday announced software called OTP SMS for app developers, financial institutions, carriers, Internet companies and enterprises. The software verifies mobile numbers before transmitting one-time passwords.

Tyntec estimates 13 per cent of one-time passwords fail to be delivered to end users.

But two-factor authentication is an improvement over the common passwords banks and social media sites currently require on their Web sites.

Still, experts say that to really foil hackers, biometric-related authorization using fingerprints, iris scans or voiceprints will soon be needed to assure people of Web site security.


Just as this story was published British-based Tyntec announced

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
