One of my banks (for various reasons I bank at several places) has instituted their new "ultra-secure two-factor authentication system." Sigh. I'd love to find out who actually designed and sold them the system, so I could publicly humiliate them by name ...
...because it isn't "ultra-secure" nor is it really two-factor. One factor twice is NOT the same as two-factor. The idiot(s) that purchased this new system for the bank should have done some basic research.
For those who aren't certain what I'm talking about, either check Wikipedia or listen up (although I'm telling you the same thing, just simplified) -- there are 3 common "factors" that you can authenticate someone by.
- Something you KNOW -- like a password, a PIN number, your SSN, a special handshake, or which picture is a kitten
- Something you HAVE -- a random number generator, a CAC, an embedded RFID tag, or a physical key (preferably something difficult to duplicate)
- Something you ARE -- your DNA, retinal scan, fingerprint, voice, etc.
There is no multiple of single factors that is as secure as a single multiple factor.
The other part of their security? They set a cookie on your machine. *THAT's* their multi-factor ultra-secure system... TWO PASSWORDS AND A COOKIE? Yikes. And the very best part? If you don't have the super-special cookie because you're
My task now is to find a financial institution that uses honest-to-goodness multi-factor. So far all I can find is PayPal.