on multi-factor authentication made me think Michael, as I thought I had it jelled in my brain.
I think I already discussed this in the past, but my bank uses something like that. I only have one entry that is masked, and that is a simple PIN. Setting it up was a royal pain in the behind, but using it is dirt bag easy.
I've always wondered how safe that site is. They have a three-factor process (I believe); please correct me if I'm wrong.
1. The first page requires the account number and an interpretation of a character set meant to confuse machine entry. Also, if a cookie is set to remember that IP, the second factor below is skipped.
2. The second page has a random secret question (five of them on file).
3. The third page has a special image (I suppose to discourage page redirects, as the image could not be reproduced), that is composed of a word created by the person who owns the account. This is where the PIN is entered and masked.
Because of the special conditions met at each page, I'm still confused as to whether this is considered three or five factor authentication.
The only problem I have with this is video hooks - any hacker could be watching the same video image of the logon as I am, if he has somehow placed a spybot that has survived long enough to make it into my session.
Keyboard hooks are irrelevant, as my password vault encrypts and masks passwords. However, it DOES NOT mask user IDs and special answers to authentication questions.
With fingerprint scanning and facial recognition getting cheaper by the minute, why couldn't this be used along with easy-to-remember pass phrases, perhaps including voice print technology, to implement an even faster, more efficient authentication system?

































