Wednesday, September 30, 2009

6th Week of Class: It's 10PM. Do you know where your data is?

We're all doing group presentations in Database Management. The group I was in did a presentation on Multi-factor Authentication.

Since we had to touch on various technologies that can be used to implement this I had to leave a couple of things out of the presentation to stay within the time limit.

A couple recently sued their bank for not having Multi-factor Authentication. They even cited the FFIEC in the lawsuit. We mentioned in our presentation that money was a barrier for some companies when it comes for MFA because the technologies to implement it can be expensive. However, if there are more lawsuits like this, it might become too expensive not to have it.

I mentioned skimmers but didn't have time to do much more than mention a couple of sites where you could learn more. Here's a video from a British show, The Real Hustle, showing how the crooks use skimmers:



Commonwealth Bank has a pdf showing how to spot a skimmer and the Consumerist has several articles about skimmers.

What will be interesting to see is what kind of backlash there will be if and when businesses start to require their end users to use a 'something you have' factor for authentication. If/when a company many people use like Bank of America requires this people will freak. They will not care if it's free and they will not care if it keeps their information insecure. To them it will an inconvenience. I could tell you stories, but they're work related. Instead, I'll use Internet Explorer as an example. IE6 is less secure than IE7 and 8, Internet Explorer is free to upgrade, but many people in the US still use IE6.

Some people will be happy to see it happen. Anyone who's had their account compromised for instance. Maybe I'll be wrong and most people will just be upset it wasn't done sooner.

1 comment:

  1. Thanks for this blog. I'm generally enjoying all of them but some of my favorites are those where you guys blog about something that I don't specifically ask for.

    ReplyDelete