
Excerpt:
"The bank lobby and the Financial Services Round Table have argued against two-factor authentication," says Tom Kellermann, who is now vice president of security awareness at Core Security Technologies and commissioner and chair of the Threats Working Group on the Commission on Cyber Security for the 44th Presidency and was previously senior data risk management specialist for the World Bank Treasury Security team. "They have argued against it because of cost. Also they have argued that beyond the cost, consumers are not sophisticated enough for it. But it is mostly about cost.
"Anything you know," says Kellermann, "whether passwords or even clicking on images can be defeated by the modern Trojan horse because it takes screenshots of everything you're doing." What's worse, he says, is that "the privacy policies at most of these banks state that if you lose your name and password, they aren't liable."
These privacy policies may be one part of why banks feel one-factor authentication is good enough, but the other part is simply that no one is forcing the issue. "Why aren't these same banks that provide two-factor authentication to clients in Singapore and South Korea," asks Kellermann, "providing it here in the U.S.? Regulators haven't enforced the issue. They have been building our vaults out of wood instead of steel."
Source: InfoWorld











