The Target breach caused real damage to millions of American card users - but big financial institutions are doing little to remedy security issues, according to the New York Times.
A report found that two-factor security was STILL not on offer at major banks such as Citibank, Capital One and for AmEx cards, when it came to online banking. Many other banks require customers to opt in.
The reason, the NYT claims, is economy - for the banks, “Companies have gone back and forth about whether to even allow their customers to sign up for that second factor and require the company to generate a one-time code to be entered in addition to a username and password."
"While such precautions add to the consumer’s security, they can also increase the company’s tech support needs."
2FA: Big savings - for banks
The opinion piece, a plea for increased adoption of two-factor authentication systems, has ignited debate.
Computer World discusses if there are any “silver bullets” for a world where passwords are stolen in industrial quantities. Some attacks such as a recent attempt against PayPal have attempted to bypass these systems - but they are still another hurdle for gangs to clear.
The below ESET video explains what two-factor is.
Two-factor systems are far more secure than passwords – many high-profile hacks, such as those against the Twitter accounts of media organizations last year, could not have happened if a 2FA system had been in place. Even if a hacker places malware on a PC and steals a password, they are still locked out.
2FA: Why are banks failing us?
Information Week says that 2FA systems are a key part of ensuring corporate security: “Passwords are the Achilles heel of any network. Around 80% of all domain compromises carried out by our Penetration Testing team come from either a weak password being set, or a password being reused somewhere. Any company that takes its security seriously should protect privileged accounts with strong two-factor authentication (2FA)."
A recent report found that two-thirds of companies who allowed ‘working from home’ failed to provide secure access to company networks, putting private corporate information at risk.
Two-factor systems can help small businesses by allowing home working – and cutting overheads such as office space.
Bank attacks - safety tips
Both Information Age and Computer World suggested further measures - with Computer World suggesting Google Chromebooks as ideal for banking.
“Like private browsing, guest mode erases all traces of your browsing activity when you're done, but in addition, it also starts you off with a clean slate. That is, when you logon as a Guest there are no cookies, favorites or browsing history to be discovered, stolen or manipulated,” the magazine writes.
One of the more disquieting aspects of the NYT report was that 2FA protection was offered only to some customers - and banks were not clear as to why.
Many sites – including Twitter, Gmail and Dropbox – offer two-factor systems already, free, although you have to enable them yourself – it’s usually found under Settings or Privacy, and most sites walk you through the process.
It’s worth doing so if you keep any private information in such accounts – and particularly if you store sensitive business information.
Two-factor authentication makes it far more difficult – although not impossible – for cybercriminals to break into accounts on sites such as Twitter and Dropbox. At present, though, the system is “opt-in” – you have to go to settings, and add your authentication method manually.