Database - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Database


Two-Factor Authentication Could Stem Rising Tide of Identity Theft



 By: Lisa Vaas
2005-04-15
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Database story.


Rate This Article:
Poor Best
Washington panelists tout the value of the small, digital token devices that provide users with a random, six-digit code that changes every 60 seconds.

Two-factor authentication may well be the key to stemming the onslaught of identity theft now plaguing businesses and consumers—if you can talk customers into using it, that is.

"Its easy to apply two-factor authentication when you have employees [or a government mandate]," said John Carlson, senior director of BITS, a nonprofit organization of financial institutions that focuses on technology and business issues. "But its a highly different equation when you deal with customers that can choose between different financial institutions."

Carlson was part of a panel of vendor, government and business data security experts who convened Friday in Washington at the Center for Strategic and International Studies.

The panel, "Emerging ID Theft Challenges in Cyber-Space: A Discussion of Possible Technology and Policy Solutions," also included Howard Schmidt, former special adviser to the president for cyber-space security; James Lewis, of the Technology Policy Program at the Center for Strategic and International Studies; Joe Raymond, chief architect of Web optimization at E-Trade Financial Corp.; and Art Coviello, president and CEO of RSA Security Inc.

Resource Library:
The two-factor authentication to which Carlson referred uses a small, digital token device to provide users with a random, six-digit code that changes every 60 seconds. The user employs this unique code, combined with his or her user ID and password, to access sites such as online banking accounts.

Carlson said many representatives of financial institutions are working with regulatory agencies in Washington to assess the effectiveness of identity protection via two-factor authentication, but customer acceptance is the deal-breaker.

E-Trades Raymond told a different tale about the technology, however. E-Trade in March announced an optional two-factor security scheme for its U.S.-based retail customers.

Upon piloting the two-factor authentication, which will be available sometime this quarter, E-Trade found that customers actually welcomed the more-involved scheme, reflecting a perception that their private data was being more carefully shepherded. "We found that, in a lot of ways, digital security identification enforces the perception we like to put out there," Raymond said. "Almost all customers responded that E-Trade has customers interest in mind."

E-Trades program, however, is available only to customers with $50,000 or more in combined E-Trade assets—hardly an all-inclusive solution for the entire population of potential identity-theft victims.

A broader solution must include more law enforcement personnel, as opposed to new laws, said Schmidt, former czar of the presidents Cyber-Space Security initiative. He was one of a number of panelists who decried a "patchwork" of proposed legislation thats being flung out in what they portrayed as a knee-jerk response to recent data breaches, including breaches at data brokers ChoicePoint and LexisNexis.

For example, Sen. Dianne Feinstein (D.-Calif.) on Monday proposed a toughened-up version of her ID Theft Notification bill that would close loopholes in Californias current notification law, SB 1386.

In addition, legislation has been proposed by Sen. Bill Nelson (D-Fla.) and Rep. Edward Markey (D-Mass.) to regulate data brokers.

"For the most part, I think that over the past 10 years, weve done a very good job of defining criminal law with regards to cyber-security," Schmidt said. "But we dont have the resources, its just that simple. We have to do what we can to reduce the number of victims, which then gives law enforcement" the ability to tackle a reduced number of identity-theft incidents, he said.

Two-factor authentication is a potential solution for reducing the number of victims, Schmidt said, pointing to the security device he sports on a keychain. But the crucial question to answer is if we, as a society, need to consider whether we want to have a necklace of security devices for a chain of unfederated services, such as making retail purchases, accessing banking services, etc., or whether we trust government to aggregate our data in order to issue credentials.

Check out eWEEK.coms for the latest database news, reviews and analysis.



  Reader Comments: Two-Factor Authentication Could Stem Rising Tide of Identity Theft
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Database Articles          >>> More By Lisa Vaas
 


x}r㶲s\@♵M=Ҕlc-/K3ΤN!1Er/~b:?qtMZe=ؖht7Fvv$I Ӟ3ǘ[cӑGoLzIjû@BizNU sJe>HwW7nQ;^@᳑(,)*J$!1QcDws_gwԡcF4Lߵ}25rtxW{7v+n / /\1r.bL{{4,gw'9"S#& BhlU"iRi13܊Hxw^Cݑc9 N\^ Z3ttԭ=SzcG 3G]L0Hό,{~0[ QK.lG-%z^yyܻtQVu¿ Yo@ס>x6ܳL]FQKX䄍ER6'>6O) |@ɠ#ӱnG/˺79h#]m#@SKVUBX)ځ^TߚiL7?rfGzJY4E;'9@(kp mKVj0gn{'wqq p,owD߀*0QI- Y|- NWP= uϐkzQҏZ-[jZAS TFIna>E4f™EU2a}oOy}yqI}trxi#|g)̠V*PFfЊ%+Q:n]=]s\u[ݫ9^VsCV=BgCj`BmiumUo~vO^EnXCyCa#U#3\4ZO;G$'UH[vJ {훨-tK9K }!x)!,+R7#ǚ M=4ȌSHzPv@Sl VYKS703K_s;nZK}0[=RFp\ ДaCǸgMab&DJH7єye TI%嗋m|*(If(=^fA.r)i `o8{Ø*i,h."#KzlNTVʒ0Wb{'(QO .ϱ'v"yڽ^C8JXx7Y`A-E`\on:jr-6V)A**5U9=b(7Z`Lm,5,Ltϭ y0`hvz3Ϩagnۉ9~t$ࠣM/6E˥qbhj>'a xV83nuCuӹݰ=Wԇ9[i50CE 6&>P6}l279:5L&7& 0`D+лCi`y1&=բ !Tgxs=d} o  Μot҇&Qc>޹Ԇ.q<ɜ+) %P cRRP$C'hI#r Bг!,`@o!`{`[w;.VKŤ\*y"JM':N3PKRx&,S,BV-KᗄPf%i2m<V-&D7r"e.G wKቖ&ZlY,*V+WMz92a s=@.ϼs2H`0u?b!1s WQ'sԟx-~ h? OzuC=:\f3|fZ1k`Jaw4T4g Ʃ9 R g?fx0-qڛ:=CVw]ˤF|a* ,qF! 3-Ͱ&q_;+owzlr=ʇSMrF9;eyW*MMUPS7˕L4+׬UPM g2)*[hw< 9:[ȭ|3nR>=MO9XScX`Dv7 Lzb0ufm/n$)`V|\vLg˺VkͲT]^ӛA'~. B[+žY&&ےxmEڠueLGiK-# IPצ(΅ò=2P}62&CŸZ҆TF 9m |TM.R?-jISJJeHǝ:~Lҧ[BSjb35-F  ? |'+{gбgۋ°w^^v?~3l2_ۄ!l{LsCm0 Ǧ"}Ӻ_GN6R^-!/z0iXҗKJAUc'I?րH{A2,e,rƎe9لAٌ$ Ei.93y$pAS-cfD[O3$!OT'E)'x65 dh*O|IVt@F ;Ez . ZC3ЏBrAaj H"T `nR@;kRUԓtq -_ä?IL!2BO{M{c>4Ye nx_ℯp˻SU?? L4,QjzE?SMs\}G>N-â-h'^+0v +5TJR_!<,`;SQ9Ufj(85~Ɋd3 خ crAmhv~ 9 XQj0qs;M?bL%Jt( ֹB\U4UeGԻ6ubH=:G:0ݚ,(Y)yന^tϩiYSWLjH@A5u8|X\.``!>ߏz0f&Ш)lTgm/RU *~a;:,mhD1(dyD4@/-q8bk lBk}rq@d#RaMݜ5m"uy@VIJXhQ_4M.m(}nq&mno{9#˙yrN?dZIp|avJrekH˷"gf\>rWo鸙 DOhytUM+%zu3hSIlpQ28c=[9,3?tWk*ktx{z&kwܕ[ ܱ zORD71PUL xg4sfDcC6jM+'&lEմZY+-g}zGdCrfH| ^5Zip\?lz*%\.Yi 21}]>thG*z)OTʜYEo(QU-q'F.,%9bvvLʲH٭PSV82V6J\)aoA~fZT('0K(G܉?^nVɥڽv?fIG|)AU$UHU(V $zU;*h7xџ6XD+(++i-^2۹i mE9[ 4ʨKV-,sK"hʌg _|r[rn)tyĆ5Qh#e[,L;J墦Ak R;qG;a>&rf: ;GFe!EO.'-JP]q,g$X9H(PK,zޏɷwnh‰ۆ +~w?l)ɡXXD`дR#.avOV(ًk= XiUeAbE1 wcyJV~ZgZqRFY+ t;?\uZ}R>q/7:_?ٿ:N|00vI?0WKοH LӀoRuZ>~~:oI6?eB&[fB, '8oH19𓸗3Q=)"VsAuXog~hy% @dG*~{&5/?tŗ4G%?w@N;m)u ߽9 !5O;YF^9:m7/M1k0խxѤ~zv`5g3 \cA)cn ~]js8{JLu?y{`o&o=)sǣAlƜu9obJwfimԕEL0#ݥovV8}'i?vݷ;iNiamUzyZ J}~l't6D(jy[a{wC_U $d%FtZx@2M#}>JfzӼ4hAxn>7 <}tM7bRR?w+~OgLw.G%uB6{Ze%QJW=(qM@j҂%i(qQ#{ GXHڽ] FuUL&mquOyӨO;xx1t? G Ofxf79g#9><O$eۡ܍)“g$`GDA1}缩g6A jmgwpUE0p>-7$$\}1 ߈;6bE QM!XQ|;L83{C8jRSWW&6o)?.?.FӞ Ma_Ͻz2.mE.zQvc%F}7^S˗t8q27 ~x+lF)Y9ӨŲ]&t_GuĊ8Yz9+ֻ ]X.l\0ԥ^pOtlܛqƓԧQtfڰN1eTR.&异ǙIOSXv{FtTw1*OnqE'3[*eŸgb4`T>i9&-rw<"ң,sx,psC| ə,"9e*"ut%6R0#P`D6sLz1YbAghD $AƖ,sAɛRSpj&v̻; U][c2Ib7LA,d(΀{,*SvAV0|({P6Nh1 pa4Ȃβ A>qnBl!d5=exs9 NS6|p4ub"Q<jGaU?eFi3GnkXP1f~d֯B7^coBK66xi->5.2 _/"`MTRO5uW_͟ vqi$ q$ 1R/[O#X 6 ϗ:kHJ$w˜W:^c#i`<#I`[?mKE--!_ږ(KcG:ӯq ႐3ؙ]X&$jR&J  e ߿~i 4"5T}Cޫb<{ct[alׁtC`t D]۳U*'P'ic? GW]!塬ߝߝߝߝߝ8a rڜ#e##Q=L6,=4(&OL@$Hm?b;OoՇx%Fx8 EOvh5>]?f@tx]ü}6nc_*ҹݙMz?A'V a5~dέQc]ɷvc&;ӟs^MeHx:@,sxmkk>'>66y[y'OqF4Ex fOYg昝ͯ}]_ ΅±t*; Xn%h,?WF=p)TUR3\-O@5pB3FDϠߚG˹a"MExB(tO6k?0Z_tL%Ij~6`+@M6|[`}XEq[Ow]@]{̹Kf] -]߉-g)n>dfph֒+3$ [IHgc;wp8c[Y3@ L ,Hy.́vptowwv{i717 5QXO_,xiᅇK=-N &/W\lZd=I^֚&v-r= T?^<>E&!Q@ aIgsn"wχxVũ߲yxȓ]){ZuOln&g+h崑V9/0jJ|"OC gMoq'G:1c@m$o,S`G,h6wl`a3/01 7~6F{TN\7LYXcJ:*ǝ9sX޳~ j~h!<:%ɸQ?(p 81{[Vq8F7Nē[̮FqGDZ2 ѵKZZ/gY noR.qHVMt,׉a}*)ȁ.Wg*Dz'Nt)$E awI%aZa&Ʈ$Jjad6$ƽ"tyϹeLl 긺MmM6m@jay'bl\M>'p.d Ň^: E! :r<&6 ͤ<؎7ӭ6MEfAȢib\sI /)*JM]-Dr/N+R+Ȉzvj]!1cuTA_es[ɣ.j", jD#0Z`7?bt 6 yZŠx!y<fDZao=!vCK[76]4_q=!o7;G'թȞ -ݾ^嵏ܸMy2iE8a6ԯ݉)c;Q2X&TRӰp- |ri?NRU1snyU*1̦tB RR:<ƌp]#UMhբ fGG@+ӆU6(SR#{fN XyeZ{t#u]ϋqz^*iBy[{4Ra )zd3ч8~-?"Adkgl9 P|}P.[oW-F]M5L$C.KbJ8$h k㽽Ԙo$5Ddcežvrh&vUtTJurӔTB}F}czB>?js{-s[<+K$-^`yoKZIȶ8+.NS )q4ޓmS#OېKD L#u#Qŗ9kq&q{ZC /'Lm5rBǛh%=Q.<_!Ƅ})&eLW<00t#P̲jNT]֏pY=XCE3 c ]|­BN*o[Y_D_t h `5KtMx}7+ ާ#wA>po2|SPʕ=U+%=hp &̋XL t<.$ȐkA6ȍ="&s'?7 \vD _ _!0 8 rF@Yj$GjDl_ /uh_Sr޾ꝶe=<2PMd=¢ٝL7C7{>(4x4w8* c1xl+Ja 3:c+:3F(Y:?ra):ᘭ#!+A1H3vPJ~=>^®BRw3OaH9p=S!["eeR1@Q>~1&v+!"MJX̗ۈ) 0鄿a#kfĄ9 e_gN={=۹`bWoP$P +wdc||9 uq Dg@EQ\VP*@H>Q|eKL)!a/x[ ` 3 u|`)E<ez{?,GAv2u:ROS7%~ 6t0^Q=1e&}Ǯ%nK b$P!%h$bcx=9`6A2dzwȗ>0(-ŌCZQJФ*t!dW`cU-%N+7)^ ; Ͳgb8~ VH+^@03:uC1 u0 }a3brOuzcѼ8BI/mt;\;sr>^Q+lkni|ԭ9춾u/w~qlz0c~lT_dL۝',C r|M\G|?}R(/pY Q^MÀacj]{=-Z[A7^L˒7%Gu}uRw\&7bQ>mIk&5/m;fAoP~ (By794h3ʏh}18>֗trN+2N~g ?r/Pe})?̀],c|Πg?gYg=e 3ϳ < Oa"qz0q?I+_xl x Q:G5Id`-_93r {P<>x8" "H "s{D|%Є B8ɄpeswlPF3z8 "s HaCն 2}jQwh}v:XsÃ2W& 6L-[U/=ׇ"2cX OTC?/x\#rF31F#qyU p6+ V?'{-B+O z>731U1ւ_/gз/;MzKVo7(&\`)땴VХՠ#}K7"i½oPm B0wM{ , ^ڜkS@I`P 1|j;K\.Zؗ-;3 m+#84B<ܼmQ޺%pm.a; +CYp멎m,U|Al>cx GL} /8xu_Env˧D'7>6كl2p~M!(_E+0us^nT ] r@b],QO&\f\j_fL.ѮB@vbbqY;g&'lZhtȡ(d}jx9`^|˼+Aўx籺na|ht% ^FH‡%C>KrX}P/) ]'[Sܟ=B+a҃f.6_{ QAbf]s:#vAѪ v7"`aV1n,ـ9@/1[=܋ϑ{Ⱦ1 Yf#1ثuu2^GB~@da'Z-U~ҥN.I,'_aQd+8*)ؐrm5'0X1'(NR{Lf7}`N*)Asa#Dl [ApF_890#ŸEr,eZ,aF!%ӫrXb|{ej xٚջHQ#z.fq|ԃ!gnh]1ZBN .W652Y; [τ T4}j=]x O!0gWPR Y -f1%IDb88)ys&vж?8acTx 1L(u,Yדu![xZq‹{El>WNENE<<Sf}')E|qiORv/cohk^z<%/Z(K- NN`{Vs!"ӳo ~c Whc<y &F{5J"<&/X#iQgr&5X-lt; o]F'a1TU>\JBS+$WX/ͦG(ϗ}>4E&l)vsml-6C-;*)