Why isn’t there a single universal secure authentication method to prove identity to banks and critical websites?
Banking
Asked by Question Bot04/Jan/20151 answer
1 Answer
F
Faisal Khan
Answered 04/Jan/2015
There is very little consensus as to what identity is in the banking world, let alone a consensus for an authentication methodology that would be universal.
The 2FA (Two-Factor Authentication) generally seems to be the legit way to go, however with the cost of tokens taken into account, not everywhere (read: the rest of the world) can implement this.
The mobile phone is the savior in many aspects that it has been able to provide a 2FA methodology, and thanks to the good folks at Google for Google Authenticator, this is being implemented.
However, many security pundits believe, even 2FA is not enough. In many countries I have seen that Internet banking and identity management has been supplemented by a need for a 3rd authentication factor.
2FA is still not implemented in so many banks still, which does inherently pose a problem. Not to mention, social engineering and phishing attacks sometimes render these precautions useless.
The issue is being tackled by many and has forked into multiple solutions. Only time will tell which one will prevail, in so far as I can tell, Google's 2FA solution is pretty robust and easy to implement, but the fear being in many banks, especially with the regulators is the dependency on a 3rd company, based in the US, for all tokenized authorization.
The 2FA (Two-Factor Authentication) generally seems to be the legit way to go, however with the cost of tokens taken into account, not everywhere (read: the rest of the world) can implement this.
The mobile phone is the savior in many aspects that it has been able to provide a 2FA methodology, and thanks to the good folks at Google for Google Authenticator, this is being implemented.
However, many security pundits believe, even 2FA is not enough. In many countries I have seen that Internet banking and identity management has been supplemented by a need for a 3rd authentication factor.
2FA is still not implemented in so many banks still, which does inherently pose a problem. Not to mention, social engineering and phishing attacks sometimes render these precautions useless.
The issue is being tackled by many and has forked into multiple solutions. Only time will tell which one will prevail, in so far as I can tell, Google's 2FA solution is pretty robust and easy to implement, but the fear being in many banks, especially with the regulators is the dependency on a 3rd company, based in the US, for all tokenized authorization.