ITEC 6323 | ITEC 6324 Security entry for the week of October 31, 2005
I found a very interesting article about the Federal Financial Institutions Examination Council, an interagency body that oversees the financial services industry. The title of the article is, "FFIEC report pans passwords." The article is from the online version of eWeek magazine.
The point of the report is that single-factor authentication is not a good control mechanism for web-based banking. Multifactor authentication, such as a username/password plus a smart card, is the recommendation of the group. They want the banking industry to be proactive about this.
I see a problem because people already have too many passwords so them having to remember more information or use an extra piece of technology (such as a smart card) will retard the growth of online banking. However, if nothing is done, eventually identify theft and phishing will also retard online banking. So the financial sector is stuck between a rock and a hard place!