Modern banker malware undermines two-factor authentication

Ok, ill buy that..: Yes Two-factor authentication doesnt help avoid the already infected. Now what the bank SHOULD have one (other than the user having a fully patched system and AV if hes on Windows) is when the website detected that there was activity from another IP address - represented another verification system, much like this is your "login key" [a picture that you selected] along with a challenge question/answer set by the person. Or am I missing something and the fruadulant transaction was done from the same IP address?

The system should ALWAYS be challenging you and verifing your credentials. Also the preferences to access and change the security question, 'login key', phone number, etc should be protected by another OTP check and/or PIN - that differs from the initial logon check. Maybe we should have these sites start making an encrypted link from they KEYBOARD to the browser window? That could help too... Just my thoughts..; Posted by: JT82 Posted on: 09/23/09 (Edited: 09/23/2009 @ 09:15) You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Subscribe to this discussion via Email or RSS

Ok, ill buy that.. JT82 | 09/23/09

What about BoA's authentication? Been_Done_Before | 09/23/09

Been saying it for years... douglen@... | 10/08/09

Add in dual-route VoxSapiens | 09/25/09

ZEUS site suspect johnbartley | 09/27/09

What do you think?

Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!

New Online Dashboard

Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline