Community
A lot of people talk to me about two-factor authentication (2FA) as if it was a security panacea. But what about in the case of Man-in-the-Middle or Man-in-the-Browser attacks, or (as discussed in my last blog) when people choose weak passwords to control their access to potentially valuable information? As cyber attacks become more complex and intelligent, and as we move towards an increasingly mobile society, two-factor authentication is no longer enough because sophisticated fraud simply leverages the authentication process. This means using as many of the following visible and invisible reference points about the end user as is necessary, calculated against the perceived risk involved. This could be something they know (a PIN or password), something they have (a phone), something they are (for example your voice), and somewhere they are / are not (jurisdiction authentication based on proximity analysis). Usage of the layers that go over and above the standard 2FA approach is becoming very real and increasingly necessary. For example, voice biometrics has been around for some time, but successful recent trials point towards much increased take-up in 2012, especially as the worries about privacy associated with proximity analysis can now be easily countered. My own company has two Europrise seals on data privacy, for example. Deploying multi-layered security is user-friendly in terms of security and the overall, end-user experience. As we move through 2012, I expect to see the focus shift definitively from 2FA to a more multi-layered mindset. Organisations – banks, government agencies and companies – need to reach a position of knowledge and trust in their interaction with the public. They want assurances that the individual at that end point is the person he or she claims to be. Security is all about staying one step ahead of the fraudsters, and authentication alone can no longer guarantee this. Instead, organisations need to build up a fuller picture of the end user by taking a multi-layered approach to authentication in conjunction with transaction verification (where appropriate).
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Alex Kreger Founder & CEO at UXDA
27 November
Kyrylo Reitor Chief Marketing Officer at International Fintech Business
Amr Adawi Co-Founder and Co-CEO at MetaWealth
25 November
Kathiravan Rajendran Associate Director of Marketing Operations at Macro Global
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.