Factor Authentication in Online Banking

The Current Crop

In our last article, we took a look at some of the security threats that face the ordinary Joe who is logging into online services today. From that you will have (I hope) received a very succinct impression regarding the state of your personal security as you transact online.

Let us take a look at the types of solutions that are being used on the Internet right now, culminating with a look at 2 Factor Authentication.

Single Factor Authentication Solutions: this is where the password is not ciphered or disguised in a manner that protects it from key loggers/screen scrapers, and social engineering techniques such as phishing. We'll be looking at:

1. The fully transmitted login password
2. The partially transmitted login password
3. Scramble Pads
4. Virtual Keyboard

2 (Separate) Factor Authentication Solutions: this is where two factors exist to produce unrelated information as sources for the login process. This means that a password or PIN is entered, plus a separate piece of data that is sourced from something other than the computer.

1. The Bingo Card (Static Grid Card)
2. The TAN list
3. Mobile Phone SMS Password

2 (Combined) Factor Authentication Solutions: this is where the user combines their password and an issued token to produce either a ciphered representation of a password/PIN, or a unique one time password/PIN dispatched through a mobile phone or similar device. In this category we'll be examining:

1. The Dynamic Grid Card OTP
2. Electronic Token OTP
3. Mobile Phone/PDA OTP

Let us begin at the beginning, with that dreaded login box.