MFA: Secure Enough?

Credit Union Journal, The, December, 2006 by Kevin Jepson, Technology Correspondent

With the Federal Financial Institutions Examination Committee's deadline for implementing multi-factor authentication (MFA) looming, a series of hacking efforts that have managed to use the MFA movement against itself has some in the industry asking: is MFA really the answer to security issues? The answer, according to a variety of industry experts: probably not.

Authentication tools take a lot of time and money, yet do very little to solve the problem of online fraud, according to several industry experts. "These multi-factor authentication solutions only handle portions of the problem," said Kelly Dowell, executive director at the Credit Union Information Security Professionals Association here. Security compliance software provider TraceSecurity agreed: "Most multi-factor solutions can be subverted," said Jim Stickley, chief technology officer at the Baton Rouge, La.-based company. "Most credit unions wouldn't have implemented multi-factor authentication, if they weren't required to, because it's very costly and not extremely effective," added Erik ...