Tuesday, February 06, 2007

NYT Article on Weak Security of Bank Web Sites

The New York Times ran an article yesterday critical of security on some banking web sites.

The focus of the article was on SiteKey, developed by PassMark Security about two years ago specifically for Bank of America. This technology really only authenticates the user's machine rather than the user.

But BoA, as well as other banks, bought into it as a psychological cushion. Unfortunately, the cushion has deflated.

With automated MITM attacks now possible against One-Time Password (OTP) tokens, it's only a matter of time before new authentication methods for web sites have to be dreamed up. Obviously, two-factor authentication didn't do the trick.


