What is this? From this page you can use the Social Web links to save Multi-Factor and Risk-Based Authentication to a social bookmarking site, or the E-mail form to send a link via e-mail.

Social Web

E-mail

E-mail It
June 21, 2007

Multi-Factor and Risk-Based Authentication

Posted in: Podcast, AppSec Strategy

In the last year, multi-factor and risk-based authentication systems have hit the real world of Internet end-users, particularly for on-line banking and finance applications. Strong industry requirements and a recognition of the serious risk of user account compromise have rushed many organizations to implement these “strong authentication” systems for high-risk applications. Now that these are implemented, what’s the result?

In this podcast, I talk with fellow industry researcher and security consultant Bruce Marshall. We discuss our experiences helping companies roll out their multi-factor and risk-based authentication systems for security sensitive online applications. Gathering from many organization’s first attempts, there is plenty to be wary of when moving toward mulit-factor authentication to ensure that you get the expected reduction in risk. Without careful planning, it is entirely possible that the result could be higher risk due to implementation flaws. We discuss what pitfalls and principles companies should be aware of before jumping on the multi-factor or risk-based authentication bandwagon.

Kris Drent

 
icon for podpress  Multi-Factor Authentication and App Security Reality [32:20m]: Play Now | Play in Popup

Return to: Multi-Factor and Risk-Based Authentication