Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Executive Women's Forum - Information Security, Risk Management and Privacy
Kenneth F. Belva

Phishing through Proxies: Good-bye Two Factor Authentication?

Industry insiders knew this would happen at some point.

Brian Krebs of the Washington Post writes, “Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called ‘two-factor authentication’ — the second factor being something the user has in their physical possession like an access card — as the answer to protecting customers from phishing attacks that use phony e-mails and bogus Web sites to trick users into forking over their personal and financial data.”

It seems to me the strongest push came from the FDIC. One can read about it here and here. Sometimes web-based two-factor authentication was compared to ATM transactions: having something you know (a PIN) and something you have (a banking card). What the FDIC did not realize is that it is much easier to set up a proxy than it is to set up a fake ATM that would scan the code from the bank card and steal your PIN.

What now?
