U.S. Regulators Require Two-Factor Authentication for Banks

U.S. Regulators Require Two-Factor Authentication for Banks.

Two-factor authentication is coming to U.S. banks:

Federal regulators will require banks to strengthen
security for Internet customers through authentication that goes beyond
mere user names and passwords, which have become too easy for criminals
to exploit.

Bank Web sites are expected to adopt some form of “two-factor”
authentication by the end of 2006, regulators with the Federal
Financial Institutions Examination Council said in a letter to banks
last week.

Here's more details.

This won't help. It'll change the tactics of the criminals, but won't make them go away. I've written
about that already (the short version is that two-factor authentication
won't mitigate identity theft, because it's not an authentication
problem — it's a problem with fraudulent transactions), and also about
what will solve the problem.  [Schneier on Security]

Leave a comment