Recently I briefed banking executives in Bangkok on how easy it is to steal userIDs and passwords from their on-line banking customers and why they must have two-factor authentication. To illustrate my key points, I showed the captive audience various pictures of hardware keyloggers, for example the small black keylogger circled in the figure below.

There are PS2 keyloggers (illustrated above) and USB keyloggers. There are even keyboards with the keyloggers built into normal-looking keyboards, so you have no idea a keylogger is there. Don't believe me? You can search the net and find so many!

Today I was reminded about my recent meeting in this Network World article, Two-factor authentication: Hot technology for 2008. This article mentions numerous token-based two-factor authentication (2FA) solutions. However, it misses a popular and inexpensive two-factor authentication used here in Thailand and APAC: SMS-based 2FA.

In a nutshell, SMS-based 2FA involves having your on-line banking system send an SMS message with a one-time password (OTP) to your cell phone. You then must enter the OTP to complete your transaction.

Is this a perfect solution?

No.

But, it is much better than just passwords!

A ten-year-old child can easily steal your userID and password, really.
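
The SMS OTP flow described above, sketched from the bank's side as an added example (not code from any banking product or from the article mentioned). The class name, the `send_sms` gateway callback, the 5-minute lifetime and the 3-guess limit are assumptions made for illustration. It shows why a keylogged password or a captured code is not enough on its own: each code is random, tied to one transaction, short-lived and usable once.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code


class SmsOtpService:
    """Issues and checks one-time passwords bound to a single transaction."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # hypothetical SMS gateway: send_sms(phone, text)
        self._clock = clock         # injectable so expiry can be tested
        self._pending = {}          # txn_id -> [otp, expires_at, tries]

    def start(self, txn_id, phone):
        """Generate a fresh 6-digit code and send it to the customer's phone."""
        otp = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, never random.random()
        self._pending[txn_id] = [otp, self._clock() + OTP_TTL_SECONDS, 0]
        # Naming the transaction in the SMS lets the customer see what is approved.
        self._send_sms(phone, f"Your code for transaction {txn_id} is {otp}")

    def confirm(self, txn_id, otp):
        """Return True only for the right code, in time, within the guess limit."""
        entry = self._pending.get(txn_id)
        if entry is None:
            return False                      # unknown or already-used transaction
        expected, expires_at, tries = entry
        if self._clock() > expires_at or tries >= MAX_ATTEMPTS:
            del self._pending[txn_id]         # expired or guessed too often
            return False
        entry[2] = tries + 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), otp.encode()):
            del self._pending[txn_id]         # single use: a replayed code fails
            return True
        return False
```
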