Monday, December 27, 2004

Online Security

The FDIC is pressuring banks to make online banking more secure. Right now, a customer establishes his identity with a user ID and a memorized password. This level of security is apparently vulnerable to hackers who can then “hijack” the bank account. The FDIC was banks to use a “two factor” security system consisting of the memorized password and some type of hardware security device. One device under consideration is a small plastic box, about the size of your automatic car starter. This device contains a window that displays a six digit number that changes every minute. Presumably this random, ever changing number is synchronized with the computer that controls access at the bank so that the combination of your user ID, your unique password, and this random number would authenticate you. Because this random number changes each minute, it’s next to impossible for a hacker to guess the number at the precise time it is in effect. Of course, it’s unclear what would happen when the customer lost this device or had it stolen. Still, it will be much more secure than the current password system which often relies on words or numbers that are designed to help the user remember them. Unfortunately, linking a password to some personal information also makes the password much easier for a hacker to predict. This type of online security issue is of great interest to us at the registry since we will soon be recording documents electronically. One of our major concerns with electronic recording is knowing that the person submitting documents for recording is who they purport to be.

No comments: