Sep 13, 2008

LinkedIn Q&A : What are convenient and secure ways to identify a person on line immediately for a financial institution without using a token?

"convenient" and "secure" don't usually go hand in hand :)

Like many people, I can access my bank account information using a secure web connection (https) and a login/password combination. This provides some security, but not solid authentication : if my password is stolen, anyone could access my account without actually being me :)

Using multi-factor authentication (secret code/password + token/smartcard + biometrics) is much more secure, but raises many issues (cost, complexity, standardization, user acceptance, etc). Let's hope that it won't take a disaster for awareness to grow. Stolen credit card numbers are bad enough. Can you imagine massive criminal access to online bank accounts and records? OMG.

Here are some recommendations from the US Federal institutions to financial institutions.

No comments:

Post a Comment