Multifactor Authentication for Online Banking
This week’s SearchFinancialSecurity.com has an article on two-factor authentication, with a special focus on banks. The article was written by Dave Shackleford, Sword & Shield’s new Director of Risk and Compliance. Dave was formerly CSO at Configuresoft Inc. and CTO at the Center for Internet Security, and has worked as a security architect, analyst, and manager for several Fortune 500 companies.
“It’s vital that banks and other financial organizations take the steps to implement secure multifactor authentication. Many different options are available, allowing even the largest organizations to add additional factors to identify legitimate users of Web-based banking and other applications. By not putting these solutions in place, banks risk penalties for non-compliance as well as possible liability claims and lack of consumer confidence in their online banking initiatives.”
Single-factor systems such as passwords and PINs are vulnerable to replay attacks. Someone can intercept your password – by looking over your shoulder, for instance, or using a keylogger that records every keystroke. That password can be sent over and over, so once they have your password they have all the information they need to impersonate you.
Two-factor authentication systems add an additional factor that can’t be replayed. The most common factor is a one-time password (OTP). That password can only be used once and typically has an expiration time. Even if someone intercepts it, they can’t use it later to replay your login credentials. The OTP is usually generated by a token on your keychain or in your wallet. A new option that’s proving popular involves having the OTP sent to your cell phone as a text message, eliminating the need to carry an additional device. Dave’s article explores these options and others.
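To make the replay point concrete, here is an added example (not code from Dave's article or from Sword & Shield) that contrasts a static password check, which accepts the same secret every time, with a one-time-password verifier in the style of RFC 4226 (HOTP) and RFC 6238 (TOTP). The secret is the published RFC test-vector key, used here as constructed demo data; the 30-second step, the six-digit length, and the `max_age_steps` skew allowance are assumptions chosen for the example, not settings from any particular product.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo data: the RFC 4226 / RFC 6238 test-vector secret (not a real key).
SECRET = b"12345678901234567890"
STEP_SECONDS = 30   # assumed time-step length
DIGITS = 6          # assumed code length


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a decimal code of the requested length."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = STEP_SECONDS) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from wall-clock time."""
    return hotp(secret, int(at_time) // step)


class StaticPasswordCheck:
    """Single-factor check: a captured password is accepted on every replay."""

    def __init__(self, password: str) -> None:
        self._password = password

    def login(self, submitted: str) -> bool:
        return hmac.compare_digest(self._password, submitted)


class OtpVerifier:
    """Server-side OTP check that rejects both expired codes and replayed codes.

    max_age_steps (assumed policy) is how many earlier time windows are still
    accepted, to tolerate clock skew and typing delay."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, max_age_steps: int = 1) -> None:
        self._secret = secret
        self._step = step
        self._max_age_steps = max_age_steps
        self._used: set[int] = set()   # counters whose code has already been redeemed

    def verify(self, code: str, now: float) -> str:
        """Return 'ok', 'replay' (valid code used twice) or 'rejected' (wrong/expired)."""
        current = int(now) // self._step
        oldest = current - self._max_age_steps
        # Forget redemption records that can no longer be presented anyway.
        self._used = {c for c in self._used if c >= oldest}
        for counter in range(current, oldest - 1, -1):
            if counter < 0:
                break
            if hmac.compare_digest(hotp(self._secret, counter), code):
                if counter in self._used:
                    return "replay"
                self._used.add(counter)
                return "ok"
        return "rejected"


if __name__ == "__main__":
    # A captured static password keeps working: no protection against replay.
    pw = StaticPasswordCheck("correct horse")
    print("password first use:", pw.login("correct horse"))
    print("password replayed: ", pw.login("correct horse"))

    # A captured OTP works once in its window, then is refused as a replay,
    # and is refused outright once its window has expired.
    v = OtpVerifier(SECRET)
    code = totp(SECRET, 59)
    print("otp first use:     ", v.verify(code, 59))
    print("otp replayed:      ", v.verify(code, 70))
    print("otp after expiry:  ", v.verify(code, 120))
    print("live code now:     ", v.verify(totp(SECRET, time.time()), time.time()))
```

The verifier keys its redemption record on the time-step counter rather than on the code string, so the same six digits could in principle be accepted again in a much later window (a legitimate collision), while any second presentation inside the accepted window is refused. That is the property the text describes: interception alone no longer yields a reusable credential.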
Sword & Shield sells and recommends RSA Security’s SecurID two-factor authentication system. SecurID is available in a variety of hardware and software form factors, including BlackBerry software and the Authenticator On-demand, which sends the OTP to your cell phone. SecurID integrates with hundreds of firewalls, VPNs, network servers, databases, and other network systems. See RSASecured.com for a complete list. With the introduction of the SecurID appliance, RSA two-factor authentication is now as simple as it is powerful.