Posted by:
admin
15 years, 11 months ago
The blogosphere is alive with talk about the FFIEC's guidance requiring stronger authentication for online banking. Inevitably, someone says how useless better authentication is when PCs are so insecure. I'm reminded of the frustrations we had in my last company, iTendant, which marketed web-to-wireless service request management software to office landlords. As they say in real estate, the three most important things are "location, location, location".
In reality, location, building quality, rental rates and quality of support services are important, and the landlords can't do anything about the first two after the building is up. They can lower their rental rates to attract more customers, but who wants to do that? The only thing they can do is keep their tenants happy via top-notch service, which will increase occupancy, reduce turnover and increase retention.
Banks can't really do anything about the consumer machine except educate consumers, and if they are going to do that, they might as well include information about two-factor and mutual authentication, the things they actually can do something about.
In addition, banks control their servers, and they should be extremely diligent about keeping an eye out for cross-site scripting vulnerabilities. For this, I recommend SPI Dynamics (FD: I'm an investor). Banks should scan their sites whenever there is a new vulnerability or when there is a change to the site.
BTW, we sold iTendant to Abrahams Industries. They have a solid hotel client base - that understands how important service is - and wanted better technology.