British Banks Provide Clients Extra Web Security

Most people rely on passwords to prove their identity online. However, in an era in which personal information can be easily stolen through key stroke recording or "phishing" attacks, passwords may no longer be up to the task of providing adequate security. In order to increase the security of its online customers, a number of British banks are moving towards a "two-factor" authentication standard to be used for online banking. "Two-factor" systems use both a traditional password together with a hardware-based device to authenticate the identity of the user. Although hardware-based identification devices are not new, widespread implementation has been retarded by the lack of agreed standards. Without such standards, it is impossible to ensure that devices made by different manufacturers will communicate with every other system. One only needs to think of a debit card system in which cards will only work with machines from their issuing banks, to understand the importance of an agreed standard. A single standard has the effect of lowering costs for those adopting the system and lowering customer frustration as they are spared carrying pockets full of identification devices. The banks involved in this project are one of the first groups to work together on a standard for a hardware-based identification device that will be used by more than one organization. Precise details of the two-factor device should be agreed in May, with the banks expected to roll out devices within nine to 12 months. For news articles on the topic, visit: http://makeashorterlink.com/?B6402542B; and http://news.zdnet.co.uk/internet/security/0,39020375,39196891,00.htm For a view that two-factor authentication is "not the solution", see: http://news.zdnet.co.uk/internet/security/0,39020375,39191511,00.htm Summary by: Sue Diaz