Acccording to recent reports, the feds will require bank web sites to strengthen their security precautions for internet customers. To this end, bank web sites are expected adopt some sort of “two-factor” authentication scheme by the end of 2006. In other words, customers will soon have to verify their identity using both a password (or PIN) and some sort of physical item, such as a hardware token that produces constantly changing access codes, or perhaps a ‘smart’ card that the customer inserts into a card reader attached to their computer.
Other options include some sort of biometric verification, or perhaps technology to approximate the physical location from which the login attempt was initiated (presumably via IP address???) and compare it to the customer’s address. While I agree that security is a major issue when it comes to online banking, I’m less than thrilled about having to carry around a pocketful of dongles just to access my various accounts. And the other options have problems of their own. In my opinion, login systems such as the one used by ING Direct ($25 account opening bonus) strike a good balance between security and usability — they require an account number, PIN, and an additional (rotating) security question. Moreover, they’ve recently implemented a clickable keypad on their login screen which should help to protect against keystroke loggers.
[Source: Yahoo! News]