« 50 Cent Holes | Business Continuity and Disaster Preparedness (BC/DP) »

October 20, 2005

Alarmed about Security and Privacy

Alarmed is a column at CIO.com on security and privacy.  Key graphs from recent article, "Life beyond Passwords:"

"... single-factor authentication—user name and password—is still the Internet’s calling card. ... And it’s simply not good enough. The proliferation of phishing has made that much clear."

"Whatever we’ve done to educate the general public about spoofed e-mails and websites is failing. Miserably. Last week a young relative of mine—one who is smart, plugged-in and a recent grad of a good business school at a major university—told me that she’d never heard of phishing... (and a) report from the Pew Internet & American Life Project ...Of 2,001 adult Internet users polled this spring, only 29 percent said they had a good idea of what phishing is. Fifty-five percent weren’t really sure, and a full 15 percent had never heard the term."

"Vendors are just starting to create a whole category of nifty software that will, without causing customers much if any consternation, protect their accounts much better than user name and password ever could.

"It’s the kind of program that Bank of America just announced. With SiteKey, online banking customers will have the option of picking an image and phrase and answering three additional security questions of their choice. Then, when they log on to Bank of America’s site, they’ll see the image and phrase. If they don’t, they’ll know something is wrong

"This kind of technology is so new that there isn’t a silly name for it yet; Tubin refers to it loosely as 'risk-based authentication.' The idea is to look at, say, the IP address, operating system and clock setting of the computer or computers where a customer generally accesses his online accounts."

Alarmed is a biweekly.  Look for a new version every other Thursday.

Posted by DavidK at October 20, 2005 03:43 PM | Permalink

Comments

Post a comment