Have you noticed your financial institutions are changing the way you access your accounts?
The financial industry is highly aware of the need for the tightest security and authentication of access. Authentication is a way of determining that the person who's on the other side of the Internet has legitimate access to the information that they're requesting. So typical authentication for the banking industry breaks down into three different categories – typically described as weakest to strongest – something you know, something you have and something you are.
- Something you know: A unique piece of information that is knowledge that would somehow authenticate you. This is probably the weakest form of authentication. Something you know is typically a password, a Social Security number, your mother's maiden name, the street where you were born etc. It could also be a user-defined password.
- Something you have: This could either be a software-based token or it could be a hardware-based key. A RSA key is a hardware-based token that you carry with you with a password that keeps changing every 15 minutes.
- Something you are: For example a fingerprint, a voiceprint or a retina scan that's associated directly with a person.
Single factor authentication is typically just something you know. Two-factor authentication on the other hand refers to using not just one factor, but two separate factors. So it's something that you know, most typically it's something that you know plus one of the other factors. So it could be your user name, your password, and your ZIP code; or it could be something that you know plus something that you have. Therefore it could be your user name, your password, and a validated IP address, a cookie that's based on your PC, or a hardware-based USB key. It could also be something you know plus something that you are, for instance a fingerprint scan plus a password.
So why is two-factor authentication important? In October 2005, the Federal Financial Institutions Examination Council (FFIEC), informed banks, credit unions, and thrifts, that user name and password combination alone MAY NOT be sufficient for certain types of high-risk transactions. The FFIEC is RECOMMENDING banks, credit unions, and thrifts show some good faith effort to implement additional security by the end of 2006.
Of course the challenge with two-factor authentication is aggregation in the AdvisorPlatform. Each institution needs to be converted on an individual basis so the data can be pulled nightly. Once that has been accomplished accounts that were previously aggregated are in a manual state and will need to be re-aggregated for proper reporting of these assets. eMoney has a code in place to handle this and the only down time for our clients will be when the financial institution implements the two factor authentication and it is necessary to adjust that particular aggregation code to cope with the change.
Inevitably, there will be more and more enhancements to security in the months and years to come. As more financial institutions migrate to two-factor authentication, there could be unavoidable delays in the future. If you have any questions regarding two-factor authentication please contact
Customer Support.
|
What is Two-Factor Authentication?
