Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

06:17 PM
Ivan Schneider
Connect Directly
RSS
E-Mail
50%
50%

Two-Factor Authentication? Only on paper...

Security firm F-Secure has the details of the phishing attack on Swedish bank Nordea, as well as several other informative entries in their security blog.

Security firm F-Secure has the details of the phishing attack on Swedish bank Nordea, as well as several other informative entries in their security blog.But in the debate about whether two-factor authentication, as mandated by the FFIEC in its recent guidance, will prove at all effective in actually stopping phishing, I believe that the Nordea example is a weak example of the vulnerability of the approach. Yes, there are ways to defeat two-factor authentication. But one of the least secure approaches to two-factor authentication is with a paper scratch-off ticket.

Compared with a token device that generates a changing code every 30 seconds, the Nordea solution was not particularly hard to beat, as it's just another password (albeit one that's hidden until use). To defeat the VASCO approach, for example, the hacker has to ride shotgun on the transaction through a Trojan horse or some kind of man-in-the-middle attack.

Just wanted to point that out for those of you evaluating which security vendors to use in order to comply with the FFIEC deadline.

Register for Bank Systems & Technology Newsletters
Slideshows
More Slideshows
Video
All Videos
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.
FULL SCHEDULE | ARCHIVED SHOWS