Two-Factor Authentication for Online Banking

February 24, 2016 | Views: 3267

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

This my first post, so I’ll start with a serious issue in our day-to-day lives. I’m posting for the purpose of awareness.

Millions of people use online services every day. It’s crucial that systems prevent users from accessing each other’s information. So, they need ways of uniquely identifying each user that prevent users from impersonating each other. This is called identification and authentication.

If companies can’t rely solely on password authentication, perhaps having two pieces of information would be more secure? This is known as two-factor authentication and you’ve almost certainly used it without realizing.

When you take money out of an ATM, you give the bank two pieces of information – the data stored on your bank card and your PIN. Individually, neither piece can be used to your account. When used together, they allow you to withdraw money and perform other transactions.

Some banks offer similar two factor authentication for online banking customers. Accounts need to be unlocked with the combination of a password and a four or six digit number generated on a hardware security token.

If you use online banking and don’t have a hardware token, it will be well worth finding out if your bank offers them. If they don’t, consider switching to a more secure banking service.

 

Hardware Security Tokens

These devices contain a clock and a number generator, which creates a new, one-time password every minute or so. The bank synchronizes the token with a master computer before issuing it to customers. The token and the master computer generate new passwords in sync with one another.

When the user is asked to enter the one-time password into their browser, they press a button on the token and enter the four or six digit number shown on the screen. The master computer will have generated the same number. The two values are compared. If they match, the user is granted access into their account.

 

Two-factor Authentication on the Web

A number of companies, including Apple, eBay, Google and Microsoft support two factor authentication to improve online security for their users. Rather than a single password, two-factor authentication requires the user to enter two pieces of information: their password and a changing value that’s either sent by the website to the user’s mobile phone or generated by a companion application on the user’s computer.

 

Closing

According to Wikipedia, “The use of two-factor authentication to prove one’s identity is based on the premise that an unauthorized actor is unlikely to be able to supply both factors required for access. If, in an authentication attempt, at least one of the components is missing or supplied incorrectly, the user’s identity is not established with sufficient certainty and access to the asset (e.g., a building, or data) being protected by two-factor authentication then remains blocked. ”

 

Thanks for reading my first post. Please post your comments below.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
6 Comments
  1. What is needed is a 2FA toolkit and provably secure framework that PEOPLE can custom create and bind to things they have or know.. and DOES NOT need a third party, (Verisign, Google, IoS/G-App) to provide the middleware needed to enforce access.

    Something as simple as a USB key that I carry.. and is BIOS bound to a PC to lock access or a supper bios key-sequence that only I know .. Kinda like the nerds in Blade Runner that could goose anything. Neva happen..

  2. Thanks Yash8878

  3. Hey Sorrow..
    Please don’t comment or write anything which is problematic, in jest also…
    and i am not responsible for any illegal activity, i am posting for awareness purpose…

  4. Hello !!! I love the the way google used the two factor auth,its a good interface and it add a security not securities layer,nice!!!

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel