Skip to main content

more-on-effectiveness-of-strong-authentication

Network World has given Bruce Schneier a chance to clarify his position that strong authentication is "Too Little Too Late" and has given RSA's CTO, Joe Uniejewski, a chance to rebut.

While Schneier does clarify that he's not against strong authentication, he seems to think it's not going to be effective against identity theft and fraud. He references the fact that credit card companies pay little attention to authenticating the identity of the individual and focus on authenticating the transaction. However, he seems to think that two-factor authentication can't do this! As I have discussed before why not?? This seems like a great solution. Log in with your password, but when you want to do a transaction, give us the one-time password.

Uniejewski's response misses this fact, unfortunately. He indicates that RSA is looking at ways to "raise the standard authentication interfaces".

Both authors agree that passwords are past their prime.

It's a complex issue that threatens online banking and ecommerce. There are a number of attacks on the client, the servers and the network that make it difficult for one single solution to fix all the problems. If you look at the credit card processing systems and ATM systems out there, you can see the complexity that has developed to address security. It is important to remember that it is an ongoing battle and also that the risk needs to be minimized to a point where it can be insured against.
Currently unrated

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom