Taking a swipe at two-factor authentication
Source: SearchSecurity - Posted by Pax Dickinson   
Security An essay in an April trade magazine maintains two-factor authentication can't counter emerging threats, and that the industry would be wise to come up with a better solution to the nation's biggest cyberproblem: identity theft.

Most readers of Bruce Schneier's popular blog on security got a sneak preview last month when he posted the essay online under the heading "The Failure of Two-Factor Authentication." It led to a strong response from those who agree the solution has limited appeal and others who argue it works well when done right.

"I agree with most of what he says, but I don't agree it's a failure. I think he's overstated his case," New Hampshire-based security consultant Ted Demopoulos of Demopoulos Associates, whose clients include Cisco, IBM and T Rowe Price, said in a phone interview. "Two-factor authentication, at most, can be part of the solution."

Schneier, who is traveling in the Middle East and unavailable for comment, believes using more than passwords helps mitigate fraud but won't prevent imposters from illegally accessing online accounts the way some vendors claim. "It solves the security problems we had ten years ago, not the security problems we have today," he wrote.

Read this full article at SearchSecurity

Only registered users can write comments.
Please login or register.

Powered by AkoComment!