When should you virtualise a server? Your questions answered
Click here to read the views of our pIT stop panel

knowledge centres

SEARCH Computing Jobs White papers Google

Register . About . Digital Edition . Advertise . PDA . RSS

Experts rubbish two-factor authentication

Technology will not cut phishing, e-Crime Congress hears

Iain Thomson, vnunet.com, 27 Mar 2007

Phishing

Two-factor authentication is vulnerable to so-called 'man in the middle' attacks

Two-factor authentication will not help to reduce soaring phishing levels, experts at the e-Crime Congress in London warned today.

One UK bank is currently considering the introduction of two-factor authentication, where customers receive a key fob which displays a constantly changing password that allows them to access their online accounts.

But the technology received a resounding thumbs down from experts at the conference, despite being widely touted as the next generation of user security.

"There are a whole bunch of things that can go wrong with two-factor authentication," said Ross Anderson, professor of security engineering at Cambridge University's Computer Laboratory.

"Banks are resisting because their technical staff know that it will be expensive to introduce and will not be effective. Some banks will introduce it, it will be quickly broken and then quickly forgotten."

Anderson explained that two-factor authentication is vulnerable to so-called 'man in the middle' attacks in which a phishing site takes the pass code and uses it immediately.

Customers would also be vulnerable to muggings for their authentication tokens, and the technology would have no effect on other online crime.

Despite the technical failings of two-factor authentication consumer demand for the devices is high.

Joseph Sullivan, associate general council at PayPal, said: "We are looking at two-factor authentication.

"We were told that it would not be popular, but started a beta programme two months ago. Demand has far outstripped supply."

Further reading:

Education failing to fight phishing

Phishers crack two-factor authentication

Human factor essential for IT security

Pointsec adds two-factor authentication

More stories on these topics:

Permalink Comments Forward

what do you think?

Post your comment

Send an email to the Computing editor at feedback@computing.co.uk

Reader comments for this story

Post your comment What is this?

Like this story? Spread the news by clicking a link:

del.icio.us

digg this

related content

latest news

The MoD

NAO: £7.1bn MoD scheme running late

Scheme has already delivered important benefits but first phase is 18 months late 04 Jul 2008

Cloud

Cloud-based email will surge in "fundamental restructure"

Storm approaching email market as clouds gather on SaaS provision 04 Jul 2008

Sainsbury’s web site down again

Retailer suffers from web downtime for the second time in a month 04 Jul 2008

latest in depth

easyjet aircraft

EasyJet reviews IT processes

Cutting fuel costs and improved services high on airline’s agenda 03 Jul 2008

Williams F1 cars

Williams F1 drives through changes

Formula 1 team uses a virtual private network to exchange strategic data with its UK factory 02 Jul 2008

Gavel

Relaxed domain laws may fuel legal costs

Experts warn that changes could tempt new cyber-squatters 02 Jul 2008

Advertising Marketplace

Search for solutions, reports & analysis

Sponsored links

Featured jobs

Forensic Analysts

United Kingdom | MI5 Security Service

Forensic Analysts Working for MI5 you will use your expertise to protect the UK from terrorism, espionage and other threats to national security. You'll be joining a team that provides essential technical analysis and capability ... more >

Business Development Executive

Hertfordshire, United Kingdom | SMART

Business Development Executive, Hertfordshire, £20,000-£22,000 per annum OTE £34 -36k The role: An exciting opportunity has become available within a prestigious organisation with aggressive growth plans. We are looking to recruit an office based Business ... more >

Project Manager

Leeds, United Kingdom | NHS Connecting Health

Project Manager, Leeds, up to £53k NHS Connecting for Health is an agency of the Department of Health supporting the NHS to deliver better, safer care to patients, by bringing in new computer systems ... more >

Senior Application Specialist - Database Specialist

Chichester, United Kingdom | West Sussex County Council

Senior Application Specialist - Database Specialist, Chichester, £36,800 - £39,300 pa (includes a Market Rate Supplement) IT Services at WSCC supports and manages a variety of systems based on Oracle databases that include third party ... more >

More job opportunities

advertisement

advertisement

Most popular topics on Computing.co.uk

Communications . Ecommerce . Government . Green . Hardware . Innovation . Integration . Jobs . Outsourcing . Security . Skills . Software . Strategy

IThound

Computing newsletter

Computing Careers

Job of the week

advertisement

Related jobs

Search for a job

Try our Advanced search

white papers

Search for solutions, reports & analysis

advertisement

advertisement

advertisement