The Current Crop
In our last article, we looked at some of the security threats facing the ordinary Joe who logs into online services today. From that you will (I hope) have gained a clear impression of the state of your personal security as you transact online.
Let us take a look at the types of solutions that are being used on the Internet right now, culminating with a look at 2 Factor Authentication.
Single Factor Authentication Solutions: this is where the password is not ciphered or disguised in a manner that protects it from key loggers, screen scrapers, and social engineering techniques such as phishing. We'll be looking at:
- The fully transmitted login password
- The partially transmitted login password
- Scramble Pads
- Virtual Keyboard
2 (Separate) Factor Authentication Solutions: this is where two factors supply unrelated pieces of information to the login process. This means that a password or PIN is entered, plus a separate piece of data that is sourced from something other than the computer. We'll be looking at:
- The Bingo Card (Static Grid Card)
- The TAN list
- Mobile Phone SMS Password
2 (Combined) Factor Authentication Solutions: this is where the user combines their password and an issued token to produce either a ciphered representation of a password/PIN, or a unique one-time password/PIN dispatched through a mobile phone or similar device. In this category we'll be examining:
- The Dynamic Grid Card OTP
- Electronic Token OTP
- Mobile Phone/PDA OTP
Let us begin at the beginning, with that dreaded login box.