Feds Demand Banks Increase Security

Two-factor authentication for bank web sites will be commonplace by the end of 2006 as federal regulators require improvements to online banking security. One factor is something you know. The second factor will be something you have. Together, the two should help minimize the effect of weak passwords and some identity theft tactics used against people by criminals. The Federal Financial Institutions Examination Council, comprised of the US Comptroller and agencies like the FDIC and NCUA, wants banks and credit unions to take steps to limit online crimes, Reuters reported. In an opinion written by the council, they criticized single-factor authentication as inadequate protection for online transactions. A common second factor used by private companies, hardware tokens with codes that continually change, could be the technology of choice. The codes on the tokens change each minute, and even if a login and password fall into a criminal's hands via a phishing scam, they would be useless without the second factor. The switch to two-factor authentication will help secure banking transactions, but won't be a panacea. Noted security expert Bruce Schneier David Utter is a staff writer for murdok covering technology and business. Email him