Friday, November 11, 2005
The online security most people know, username plus password, is one-factor authentication. It’s a combination that cannot withstand the threat of online identity thieves, who easily crack the one-factor system. Multifactor authentication does a much better job of counteracting the sophistication of identity theft. Reports indicate federal regulators have recognized multifactor authentication’s promise and have put the banking industry on notice to implement multifactor technologies. It’s a savvy move against a prolific crime.
Multifactor identification is the best, most accessible weapon we have against identity thieves. The banking industry—in fact, any industry that conducts transactions online—owes the public the protection from identity theft that multifactor authentication provides.
Multifactor authentication calls for additional verification, beyond the security of a password, from the consumer. An Oct. 27 article in InformationWeek’s Wall Street & Technology [link unavailable] reported that regulators from the Federal Reserve and Federal Deposit Insurance Corp. have given “banks until the end of 2006 to implement two-factor authentication.”
Consumers cannot give multifactor verification for their transactions unless the companies with which they transact make it possible. And for this, regulators are right to require two-factor authentication. Consumers can do a number of things to protect their identities online, but the onus of responsibility for stopping identity theft is with industry.
Two-factor and multifactor authentication have been gaining momentum for a while. The October 2005 issue of Banking Technology [link unavailable] reported that the bank Lloyds TSB will be conducting a two-factor authentication trial with 30,000 of its 2 million customers.
The push for two-factor and multifactor authentication has been growing for a while, and with good reason. Studies will probably lend credence to multifactor authentication’s benefits.
We simply cannot fight identity thieves anymore with passwords and usernames. To try to do so is silly. Just like signatures, our antiquated system for authenticating off-line transactions, usernames and passwords are quaint ways to protect ourselves against criminals in today’s online environment.