Two-factor authentication

July 2006 Access Control & Identity Management

A flood of new security attacks targeting banking customers over the last 12 months has forced organisations or regulatory bodies to introduce new directives covering the recommended use of two-factor authentication by online banks by the end of 2006.

These groups believe that single-factor authentication (the use of a username and password) is now inadequate to protect users against recent Internet scams such as phishing, pharming and RAT attacks. By the end of 2006, many Asia, and all US online banks will be required to implement two-factor authentication, which relies on something the consumer has, such as a token or smartcard to more strongly identify the individual.

The big challenge that banks now face, is how to quickly introduce two-factor authentication, but ensure that the chosen method is convenient enough for broad consumer adoption while keeping costs down.

Two-factor authentication (2FA) augments user knowledge (usually in the form of a username and password) with the requirement to carry a personal possession, which is used to receive a one-time (single-use) password. Two-factor authentication also brings added business benefits, by increasing the dialogue between the brand and the customers. This enables companies to:

* Maintain customer trust and loyalty by providing a secure online banking solution.

* Reduce fraud, and the associated costs incurred through recovery and administration.

* Protect and strengthen their brand by minimising the risk of online identity fraud.

* Capture valuable customer data, and send marketing information to registered customers.

* Attract new customers - with a convenient, secure and easy-to-use solution.

Consumer convenience

Although two-factor authentication solutions have been available for a number of years, they have utilised proprietary pieces of hardware such as authentication tokens or key-fobs. Although sufficient for authenticating hundreds of users, hardware tokens prove too costly to deploy in consumer environments for the following reasons:

1) Each token needs to be securely delivered to the consumer through a parcel service such as UPS or FedEx.

2) Hardware tokens are proprietary, and hence expensive, commonly costing in excess of $50 each.

3) Hardware tokens have a limited lifespan, and regularly break, or lost or misplaced, rendering the user helpless.

Several large financial institutions are now starting to implement two-factor authentication, to re-establish trust with their users, fearing that if nothing is done profits will be lost, customer confidence will drop, and the brand will be damaged for long-term disadvantage.

Summary

According to recent surveys, identity theft is seeing the largest increase over any other kind of crime worldwide. Depending on what methods of security are implemented by the organisation you are doing business with and what relationship you have with them, secure access can be achieved. Securing access from any location, using any device is not an impossible task but can be overcome by thinking about how users access applications and data in a real-world scenario. Only then can user trust be re-established and all the benefits of using online communications can come true resulting in maximum customer satisfaction, speedy collaboration, and significant competitive advantage.

Robin Gertsen is the senior product marketing manager at PortWise.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The future of security: intelligent automation
Access Control & Identity Management AI & Data Analytics IoT & Automation
As the security landscape evolves, businesses are no longer looking for stand-alone solutions, they want connected, intelligent systems that automate, streamline, and protect.

Read more...
Smart automation is changing security
SA Technologies IntelliGuard Access Control & Identity Management
Security has come a long way from manual check-ins, logbooks, and standalone surveillance cameras. With the rise of intelligent automation, security is now faster, smarter, and more connected than ever.

Read more...
The future of security in South Africa
ATG Digital Access Control & Identity Management
Security technology is evolving rapidly, but is local innovation keeping pace? Some global players recognise the potential of South African products for international markets, but can our manufacturers and service providers thrive without external support?

Read more...
Integration enhances estate access control
Access Control & Identity Management
With one-third of residential burglaries starting at the front door, the continued seamless integration of Glovent’s estate management platform with Impro access control software is welcome news for estates.

Read more...
T&A in South Africa’s retail sector
ERS Biometrics Access Control & Identity Management
Using existing systems, ERSBio provides a practical and more cost-effective way for businesses to manage operations, reduce payroll mistakes, and enhance overall efficiency through innovative T&A processes.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Paxton opens second experience centre
Paxton News & Events Access Control & Identity Management
Security technology manufacturer, Paxton, has opened a new experience centre in Cape Town on 12 February in partnership with its exclusive distributors, Reditron and Regal Security.

Read more...
DoorBell with built-in AI
Ajax Systems Access Control & Identity Management Products & Solutions Smart Home Automation
Ajax Systems has announced the release of Ajax DoorBell, which features built-in AI, an IR sensor, and app control, seamlessly integrating into the Ajax ecosystem to ensure efficiency and security confidence.

Read more...
Physical security evolving beyond security teams
ATG Digital Access Control & Identity Management
The landscape of physical security is undergoing a major shift. Traditionally, selecting access control and visitor management solutions fell squarely on the shoulders of security professionals, but today includes legal, IT, technical operations and more.

Read more...
A passwordless future?
Access Control & Identity Management
The digital landscape is evolving rapidly, and with it comes the urgent need for more secure authentication methods. Passwords, once the cornerstone of online security, are now easy targets for cybercriminals.

Read more...