Two-Factor Authentication Essay Example for Free

Two-Factor Authentication EssayAccording to the Federal Financial Institutions Examination Council, verifying someones identity online involves at least one of a hardly a(prenominal) factors. These factors are the followingInformation the Person KnowsThis could be a username and password combination, social security yield, a PIN they chose, or something else that the person could know scarce others wouldnt.Something the person is able to Physically PossesA good of this is the persons ATM card. A more secure physical factor could be a use scare off device with a key on it. The final factor that can be used is something unique to that person only, a BiometricFingerprints and Rental Scans are examples of this.The diversity between single and multi-factor authentication is that single factor would only use one of these, like a username/password combination, which could be easily stolen through a variety of methods both local and remote to that persons physical location (keygrabb ers, network sniffing, trojans, observation, brute force attacks, or just loose lips). Multi-factor authentication requires at least one other input. Therefore an example of two-factor authentication would be having to enter your username and a password and also your ATM card number and security cypher from the back, or a fingerprint scan and entering your ATM card number, or even all three for three factor authentication.The FDIC feels that financial institutions should be using two-factor authentication. There have been a number of recommendations made to the financial institution industry, and most large coasts and investment houses are now using two-factor. The bank should definitely be using multi-factor authentication. Two-factor authentication will not only protect their customers, but it will help protect them against liability in the resultant role that one of their customers does have their identity stolen.Since they are a humbled bank, budget will be a serious conside ration when making the switch to two-factor authentication. A method that has been used in the government and military, and that is now easily accessible is the use of a ironware sequential number generator. This involves the use of a small (cigarette lighter sized) device that generates a new unique number every few minutes. It is based off of a algorithm the bank computer knows and each(prenominal) person has their own unique seed number, so each persons numbers are unique to them. When they log in, they are asked for a username/password combination and the number off their hardware key. According to the FDIC this is now one of the most commonly used technologies used by online banking services.Considering that the bank is small, the above suggestion of a hardware key that generates one-time passwords is really the best option. However, USB fingerprint readers are not too expensive now, and using biometrics like this could be an option especially for work customers. The upside of the hardware key is that you can bring it with you wherever you go, but that brings up the downside that it can be stolen. Your fingerprints cannot be stolen so easily. Either way, two-factor authentication should be implemented as soon as possible to protect the bank and their customers.