Everyone and their MAMAs are going 2-factor, are you?

[FreshPrince]

BOA just announced that they're using 2 factor to mitigate phishing...but I don't think it will help.

If BOA forces all their online customers to use the new 2-factor authentication...they would see a decline in phishing attacks for maybe 6 months...but then hackers will come up with better ideas and use man-in-the-middle + trojans to circumvent this security system. All that money used to implement 2-factor will be useless then and another form of security will need to take its place.

If death is the punishment for hacking...we would have far less hackers :evil:

 

[phisrow]

It seems silly, really. Two-factor has its place; but it won't stop social engineering of idiots. If you are stupid enough to "Confirm your account" you'll be stupid enough to "Confirm your account by inserting your New Secur-EZ(tm) two-factor widget". And, of course, if your box is rooted, any sort of peripheral is going to be rather hard to trust.

If banks are actually going to muck around with annoying hardware, they would probably have a much better time with LiveCDs. Just whip up a custom Distro with nothing but a clean copy of Firefox pointed at the bank website, with spoofing protection, make it really simple. That would certainly be cheaper and probably help rather more.