Tap the brakes on site-authentication?
February 06, 2007 court
This is some interesting research that I haven’t heard before. The gist of the article is that banks considering implementing site-authentication solutions should pause to reconsider. This initial research seems to point to these methods being somewhat ineffective. This makes me curious. I wonder if information of this sort will spawn similar thinking throughout the industry. I wonder if/how regulators might react to information like this. If nothing else, it’s something else to keep in mind in terms of assessing risks. If your institution has a similar solution, it might be a good time to make sure management has had a chance to evaluate the risk and update your risk assessment accordingly.
December 31st, 2007 at 07:42 AM
Here's a solution that is effective: Passfaces is a zero-footprint user authentication method that leverages the universal human ability to recognize faces and can be used as an "unforgettable" password or as an instantly scalable second-factor authenticator. However, an often overlooked, inherent feature of Passfaces is that it also provides "user-proof" site authentication. That is: the site authentication does not rely on the user paying attention. If the site does not present the user with the correct "challenge grids" of faces, then the user cannot give away their "secret" passfaces. You can try Passfaces for yourself at www.passfaces.com/demo.