Slashdot Mirror

← Back to Stories (view on slashdot.org)

Banks to Use 2-factor Authentication by End of 2006

Posted by samzenpus on from the proof-positive dept.

Evil Grinn writes "As reported on Yahoo and elsewhere the Federal Financial Institutions Examination Council (FFIEC) has given a deadline of end-of-year 2006 for U.S. banks to implement two factor authentication."

6 of 313 comments (clear)

  1. One more damn thing to carry around by DrRobert · · Score: 4, Insightful

    I am really sick of all the convient things in life suddenly become too cumbersome to use. I would really, really hate to have a hard token to carry around. IT has so many band features:
    1. I have to carry it around
    2. I may lose it
    3. It will probably break
    4. Its code could be duped

    Too little security, too much inconvieniece

    1. Re:One more damn thing to carry around by ScentCone · · Score: 4, Insightful

      Too little security, too much inconvieniece

      But I'm betting you wouldn't sign a waiver relieving them of liability if you opt out of using their T-FA...

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:One more damn thing to carry around by LordPhantom · · Score: 5, Insightful

      Isn't that like, say, carrying around an ATM card like we do right now? Sure, a "sooped-up" ATM card if it had a rotating pin, but still an ATM card nonetheless - how is this -more- difficult than what we do now? I usually have my wallet handy somewhere, so is it really that big a deal?

    3. Re:One more damn thing to carry around by Tumbleweed · · Score: 4, Insightful

      how is this -more- difficult than what we do now

      What, you have a magnetic-strip card reader attached to your computer? Sure, no problem - we'll just mandate that all computers that want to access a bank online have to have one, or whatever hardware doohickey they decide to require.

      THAT's the real problem with this proposal. Much like extending Daylight Savings Time, politicians have no idea what impact this has on the real world - programmers that have to code this stuff, and in this really BAD case, new hardware that even the end user is required to now purchase.

      Bleh.

  2. Second factor Windows-only? by Anonymous Coward · · Score: 5, Insightful

    And what are the chances that the second factor (USB tokens or fingerprint readers, most likely) will have drivers for minority operating systems? I use Linux as my only operating system. Until now, I had no problems accessing my bank account or my credit cards online. Now, I fear I may have to start visiting the bank branch in person...

    The reason for my suspicion is that I used USB dongles for some expensive, proprietary software at my workplace, and on a whim I looked around for Linux drivers for the thing. Turns out that the manufacturer only supports Windows 2000 and XP, and no third-party drivers for other OS's exist.

  3. Silly by jesser · · Score: 4, Insightful

    This will cost every Internet banking customer money, time, and convenience. (RSA fobs are not free; if your bank gave you one for free, it will have to pass the cost on to you in some way.) Meanwhile, it will not significantly reduce the impact of phishing or pharming attacks; it will just force attackers to use the information gleaned from such attacks before the fob's digits expire.

    How about requiring banks to use https correctly, which would at least reduce the impact of pharming attacks?

    --
    The shareholder is always right.