Friday, October 21, 2005

Schneier on Security: U.S. Regulators Require Two-Factor Authentication for Banks:

Two-factor authentication is coming to U.S. banks:

Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.

Bank Web sites are expected to adopt some form of 'two-factor' authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.

Here's more details.

This won't help. It'll change the tactics of the criminals, but won't make them go away. I've written about that already (the short version is that two-factor authentication won't mitigate identity theft, because it's not an authentication problem -- it's a problem with fraudulent transactions), and also about what will solve the problem.

(Via Schneier on Security.)

No comments: