Two-factor authentication – Getting Security basics right

I have online accounts with many financial institutions and I do most of my transactions online. Being a security-conscious user, I take all precautions to use strong, distinct passwords and to manage them in a secure way. But frankly, all of this is far too complicated. The fear of mismanaging the passwords, and the possibility of your bank account being pilfered, remains.

 

Password-based authentication is past its use-by date. With the current advances in technology and skills, password authentication is like handing a passbook to any person who mentions the account number (an unsophisticated but real-life example from non-urban banking in India until a couple of years back). I am not going into the details of how a password can be cracked or learned by others. The main problem is that once the password is known, the intruder's job is done and he has uninterrupted access.

 

Two-factor authentication alleviates this by adding one more factor for authentication. Along with the password (something you know), you need to provide information based on something you have. One of my banks has given me a security token which generates a unique number every time I press a key. I need to enter this number along with my password for authentication. So even if my password is compromised, an intruder cannot log in, as he does not have this token and cannot supply the unique number. Of course, there are various other ways to provide the second factor based on what you have (software-based token, phone, cell phone). Again, the advantages are the same.

 

Note that two-factor authentication is not a solution for ‘Man-in-the-Middle’ or Trojan attacks. Neither of these attacks needs your passwords or unique numbers. These attacks, which take place with the help of phishing, are more active threats to be worried about. But that is a topic for another post.

 

In summary, by using two-factor authentication, we are just strengthening the already existing security mechanism against a known threat and not really dealing with any new threats. So in that way two-factor authentication has become a first step in any security implementation.
