Comments on: Online Multi-Factor Authentication http://www.outsidelook.com/2008/05/11/online-multi-factor-authentication/ Small Business Research and Consulting Mon, 14 Jun 2010 19:57:16 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Eric Lovejoy http://www.outsidelook.com/2008/05/11/online-multi-factor-authentication/comment-page-1/#comment-35 Eric Lovejoy Sun, 14 Sep 2008 14:50:29 +0000 http://www.outsidelook.com/?p=33#comment-35 I saw something similar, but not quite so secure as SMS. Citibank, at one time, had particular authentication involved in P2P transactions and the addition of a new payee in Bill Payer. They would send a secure code to your e-mail address when you clicked on one of these options within online banking. This service lasted for a time, but then stopped. I think it had something to do with how long I had an open account with them. When I questioned the reason why this service stopped, I was not provided with an adequate answer. I think the SMS authentication is a great idea. Chase already uses a mobile system where all inquiries are processed from your mobile phone to their servers, no internet login required. I think it's a bit much, but it's effective. In order to get someone's information, you first need to identify that they're a user, then steal their phone. As for why many places haven't implemented this particular security method? Not enough forward thinking. They don't understand our generation, Ben! I saw something similar, but not quite so secure as SMS. Citibank, at one time, had particular authentication involved in P2P transactions and the addition of a new payee in Bill Payer. They would send a secure code to your e-mail address when you clicked on one of these options within online banking.

This service lasted for a time, but then stopped. I think it had something to do with how long I had an open account with them. When I questioned the reason why this service stopped, I was not provided with an adequate answer.

I think the SMS authentication is a great idea. Chase already uses a mobile system where all inquiries are processed from your mobile phone to their servers, no internet login required. I think it’s a bit much, but it’s effective. In order to get someone’s information, you first need to identify that they’re a user, then steal their phone.

As for why many places haven’t implemented this particular security method? Not enough forward thinking. They don’t understand our generation, Ben!

]]>