Join the Community

22,087
Expert opinions
44,065
Total members
390
New members (last 30 days)
180
New opinions (last 30 days)
28,703
Total comments

Two-factor authentication isn't enough

  0 11 comments

A lot of people talk to me about two-factor authentication (2FA) as if it was a security panacea. But what about in the case of Man-in-the-Middle or Man-in-the-Browser attacks, or (as discussed in my last blog) when people choose weak passwords to control their access to potentially valuable information?

As cyber attacks become more complex and intelligent, and as we move towards an increasingly mobile society, two-factor authentication is no longer enough because sophisticated fraud simply leverages the authentication process.

This means using as many of the following visible and invisible reference points about the end user as is necessary, calculated against the perceived risk involved. This could be something they know (a PIN or password), something they have (a phone), something they are (for example your voice), and somewhere they are / are not (jurisdiction authentication based on proximity analysis).

Usage of the layers that go over and above the standard 2FA approach is becoming very real and increasingly necessary. For example, voice biometrics has been around for some time, but successful recent trials point towards much increased take-up in 2012, especially as the worries about privacy associated with proximity analysis can now be easily countered. My own company has two Europrise seals on data privacy, for example. Deploying multi-layered security is user-friendly in terms of security and the overall, end-user experience. As we move through 2012, I expect to see the focus shift definitively from 2FA to a more multi-layered mindset.

Organisations – banks, government agencies and companies – need to reach a position of knowledge and trust in their interaction with the public. They want assurances that the individual at that end point is the person he or she claims to be. Security is all about staying one step ahead of the fraudsters, and authentication alone can no longer guarantee this. Instead, organisations need to build up a fuller picture of the end user by taking a multi-layered approach to authentication in conjunction with transaction verification (where appropriate).

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,087
Expert opinions
44,065
Total members
390
New members (last 30 days)
180
New opinions (last 30 days)
28,703
Total comments

Trending

Kyrylo Reitor

Kyrylo Reitor Chief Marketing Officer at International Fintech Business

How to avoid potential risks when working with correspondent accounts

Kathiravan Rajendran

Kathiravan Rajendran Associate Director of Marketing Operations at Macro Global

Is a Seamless Cross-Border Payment Future Possible?

Now Hiring