Ready to Start Your Career?
February 24, 2016
Two-Factor Authentication for Online Banking
February 24, 2016
This my first post, so I'll start with a serious issue in our day-to-day lives. I'm posting for the purpose of awareness.Millions of people use online services every day. It's crucial that systems prevent users from accessing each other's information. So, they need ways of uniquely identifying each user that prevent users from impersonating each other. This is called identification and authentication.If companies can't rely solely on password authentication, perhaps having two pieces of information would be more secure? This is known as two-factor authentication and you've almost certainly used it without realizing.When you take money out of an ATM, you give the bank two pieces of information – the data stored on your bank card and your PIN. Individually, neither piece can be used to your account. When used together, they allow you to withdraw money and perform other transactions.Some banks offer similar two factor authentication for online banking customers. Accounts need to be unlocked with the combination of a password and a four or six digit number generated on a hardware security token.If you use online banking and don't have a hardware token, it will be well worth finding out if your bank offers them. If they don't, consider switching to a more secure banking service. Hardware Security TokensThese devices contain a clock and a number generator, which creates a new, one-time password every minute or so. The bank synchronizes the token with a master computer before issuing it to customers. The token and the master computer generate new passwords in sync with one another.When the user is asked to enter the one-time password into their browser, they press a button on the token and enter the four or six digit number shown on the screen. The master computer will have generated the same number. The two values are compared. If they match, the user is granted access into their account. Two-factor Authentication on the WebA number of companies, including Apple, eBay, Google and Microsoft support two factor authentication to improve online security for their users. Rather than a single password, two-factor authentication requires the user to enter two pieces of information: their password and a changing value that's either sent by the website to the user's mobile phone or generated by a companion application on the user's computer. ClosingAccording to Wikipedia, "The use of two-factor authentication to prove one's identity is based on the premise that an unauthorized actor is unlikely to be able to supply both factors required for access. If, in an authentication attempt, at least one of the components is missing or supplied incorrectly, the user's identity is not established with sufficient certainty and access to the asset (e.g., a building, or data) being protected by two-factor authentication then remains blocked. " Thanks for reading my first post. Please post your comments below.