Skip to content

Multi-Factor Authentication ID/Password Challenge

Question: 
Just completed listening to a CD that we purchased from you titled Multi-Factor Authentication. Unfortunately, I don't get a chance to ask questions, so I'm sending this one off to you in hopes that either Mary Beth Guard or someone familiar with the topic can answer. It was never mentioned whether adding another ID/password challenge is an acceptable form of additional authentication and where appropriate would satisfy the FFIEC directive for end of this year?
Answer: 

Typical authentication methods employ at least one of the following:
* Something the user knows (e.g., password, PIN);
* Something the user possesses (e.g., ATM or smart card, security token); or
* Something the user is (e.g., biometric characteristic, such as fingerprint or retinal pattern).

Multifactor authentication to me has meant to use a second one of these and not the same one twice. It is very likely that if the first password was compromised, the second would be with it. Whereas a smart card or biometric identifier would be a separate layer from a password and independent of it. The password could be compromised easily in many ways including through a phishing scam, but the second layer of security would not. If a token generated code was used as an example, the code provided has a purposely short life span. It expires within minutes and would then be useless. A second password would provide little additional security.

First published on BankersOnline.com 7/24/06

First published on 07/24/2006

Filed under: 
Filed under security as: 
Filed under technology as: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics