Security Basics mailing list archives

Re: 2-factor auth for all


From: Nick Owen <nickowen () mindspring com>
Date: Wed, 25 Oct 2006 10:50:41 -0400

Thierry Zoller wrote:
> Dear Saqib Ali,
>
> SA> Verisign, and RSA are working with SanDisk to build this platform,
> SA> which might put an end to phishing
> It will just raise the bar, effort is already ongoing and we've seen
> code doing a near-realtime transfer.
>
> User <-> Phisher <-> Bank

Agreed.  Banks would be better off deploying mutual authentication. The
problem is *more* that users are going to the wrong site.  I wonder if
they would be better off sticking with username/passwords for session
authentication and requiring a second factor for transaction
authentication.  Since the users would know that the second factor was
only for transactions, they might be less likely to fall prey to phishing.

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
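
The difference between a session-only code and a transaction-bound code in the User <-> Phisher <-> Bank relay, as an added example that is not part of the original message or any vendor's product. It assumes the transaction code is an HMAC over the payee and amount using a key shared by token and bank; the message does not specify a scheme, and all names and values are constructed.

```python
import hashlib
import hmac
import struct

def _digits(mac: bytes, n: int = 8) -> str:
    # RFC 4226-style dynamic truncation of a MAC to an n-digit code.
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** n).zfill(n)

def session_code(key: bytes, counter: int) -> str:
    # Login-time code: depends only on key and counter, so it is valid
    # for whoever presents it to the bank first.
    return _digits(hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest())

def transaction_code(key: bytes, counter: int, payee: str, cents: int) -> str:
    # Assumed design: the token shows payee and amount to the user and
    # derives the code from exactly those values.
    msg = struct.pack(">Q", counter) + f"|{payee}|{cents}".encode()
    return _digits(hmac.new(key, msg, hashlib.sha256).digest())

def bank_verify_login(key, counter, code):
    return hmac.compare_digest(session_code(key, counter), code)

def bank_verify_transaction(key, counter, payee, cents, code):
    # The bank recomputes the code over the transaction it actually received.
    expected = transaction_code(key, counter, payee, cents)
    return hmac.compare_digest(expected, code)

def demo():
    key = b"constructed-demo-key"   # constructed shared secret
    counter = 7                     # constructed counter value
    # A session code forwarded unchanged through an intermediary still verifies.
    relayed_login = bank_verify_login(key, counter, session_code(key, counter))
    # The user approves one specific payment on the token.
    code = transaction_code(key, counter, "ACME-LANDLORD", 120000)
    unchanged = bank_verify_transaction(key, counter, "ACME-LANDLORD", 120000, code)
    # The same code arriving with a different payee is rejected by the bank.
    altered = bank_verify_transaction(key, counter, "OTHER-ACCOUNT", 120000, code)
    return relayed_login, unchanged, altered

if __name__ == "__main__":
    print(demo())
```

A real deployment would also need counter or time-window resynchronisation and replay tracking, which this example leaves out.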
