Garland Group Blog

Tap the break on site-authentication?

February 6, 2007 The Community

This is some interesting research that I haven’t heard before. The gist of the article is that banks considering implementing site-authentication solutions should pause to reconsider. This initial research seems to point to these methods being somewhat ineffective. This makes me curious. I wonder if information of this sort will spawn similar thinking throughout the industry. I wonder if/how regulators might react to information like this. If nothing else, its something else to keep in mind in terms of assessing risks. If your institution has a similar solution it might be a good time to make sure management has had a chance to evaluate the risk and update your risk assessment accordingly. “

Responses are currently closed, but you can trackback from your own site.
  • Paul Barrett

    Here’s a solution that is effective:
    Passfaces is a zero-footprint user authentication method that leverages the universal human ability to recognize faces and can be used as an "unforgettable" password or as an instantly scalable second-factor authenticator. However, an often overlooked, inherent feature of Passfaces is that it also provides "user-proof" site authentication. That is: the site authentication does not rely on the user paying attention. If the site does not present the user with the correct "challenge grids" of faces, then the user cannot give away their "secret" passfaces.

    You can try Passfaces for yourself at http://www.passfaces.com/demo.