Does your bank use two-factor authentication?


Many security-conscious banks and e-commerce providers offer clients the option to use two-factor authentication, which combines something you have, some sort of personal digital security device, with something you know, your password, every time you login. This is the safest way to bank online, because even if someone can steal your username and password, say by phishing or a keyboard logger spyware program, they cannot access your online accounts without the security device.

Two-factor authentication options include one-time passwords (OTPs) sent as SMS text messages to a mobile phone, OTP tokens or cards, and smart bankcards with identity certificates. For example, the OTP token works by generating a unique number you enter using the keyboard for every login or online payment. Your bank checks the unique number to make sure the OTP token is present before approving the transaction. Another option could be inserting your EMV bank chip card into a small USB reader when you bank or pay online. The small computer in the chip card provides the digital security. Your bank checks that the card is present and authentic, and that you entered your password or PIN code. Only then will it approve the access or transaction.

Companies now offering optional two-factor authentication including Bank of America, Google Gmail, Amazon Web Services and PayPal, but you have to ask for it. Your bank or e-commerce provider may also offer this option. To find out, visit the security section of your bank’s website.

See also:

What is phishing?

What are crimeware and malware?

What is a keystroke monitor?

What is a certificate?