All Top Banking

2FA is Needed for Online Services

Posted by John B. Frank Friday, April 17, 2009

Will 2FA use transcend online banking? : News : Security - ZDNet Asia
Will 2FA use transcend online banking?
By Vivian Yeo, ZDNet Asia
Friday, April 17, 2009 07:25 PM

SINGAPORE--Two-factor authentication (2FA) is starting to become available for online services other than banking and remote logon to corporate networks, but it remains to be seen whether consumers will take to it.

Local security technology firm Data Security Systems Solutions (DSSS), is set to showcase a new two-factor authentication service for online services at the RSA Conference next week. Called BetterThanPin, the service is unique in that it allows consumers, rather than service providers or enterprises, to initiate stronger authentication for the online services they deem important, said Tan Teik Guan, the company's chief executive and chief technology officer, in an interview Friday with ZDNet Asia.

The BetterThanPin service requires a user to create an account on the BetterThanPin portal and register the online accounts. (Editor's Note...IMHO, that makes it "worse than PIN" because it's done on the web.  Anything done in the browser space is hackable.)

During the sign-up process, the user is also asked to select the preferred mode or token of receiving the weekly-generated passwords. These temporary passwords--six-digit numbers--will be added to the string of characters in a user's static password for a particular account.

According to Tan, the service currently only allows users to initiate 2FA for their Gmail accounts. However, it is also ready to manage Facebook accounts, and there are plans to include Yahoo Mail and Skype to BetterThanPin. The service is also envisioned to be compatible with hardware and software tokens.

Starting next week, DSSS will initiate a trial for Gmail users, he added. The company is targeting 1,000 users of different demographics globally to participate in the trial, which will last till August.

"From the feedback, we will decide whether to continue [developing] the service [and] what [other] online services to ready [it for]," said Tan.

The company has so far been focused on developing BetterThanPin, which uses existing authentication technology by DSSS, and paid scant attention to the commercial viability of the service, admitted Tan. However, he said the service could eventually be offered through the cloud by service providers, in individual enterprise deployments such as Intranet sign-in or directly to individuals.

Should DSSS market the service direct to consumers, it may include advertisements sent with the temporary passwords as it would not be realistic to offer the service for free long-term to consumers, he noted.

DSSS is not alone at trying to introduce stronger authentication for online services. Last month, Vasco Data Security announced in a media release that customers of Square Enix would be offered stronger authentication to access content and services by the Tokyo-based video game company.

With the move, Vasco noted the popular massively multiplayer online role-playing game, Final Fantasy XI, would be the first online game in Japan to make use of one-time passwords for authentication.

Citing statistics released by Japan's Ministry of Internal Affairs and Communications in February, Vasco said there were nearly 2,300 cases of fraudulent access to online services in the country last year--a 26 percent increase year on year. Over half of the cases involved online auctions, while some 457 were related to online games.

Security vendors including Sophos and Symantec, have also, in the past, warned of cybercriminals tapping on malware such as Trojans to steal credentials of online gamers. With the growing number of online game sites and players, it was increasingly lucrative for malware writers looking to profit from online assets.

Continue Reading at ZDNETAsia





,

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio