============================================
out-of-band authentication
From whatis.techtarget.com Part of the Authentication
glossary:
Out-of-band
authentication is a type of two-factor authentication that requires a secondary
verification method through a separate communication channel along with the
typical ID and password.
Out-of-band authentication
is often used in financial institutions and other organizations with high
security requirements. The practice makes hacking an account more difficult
because two separate and unconnected authentication channels would have to be
compromised for an attacker to gain access.
One secondary
method for out-of-band authentication is the practice of requiring the user to
make a phone call from a registered number or respond to an
automatically-generated phone call from the institution. For further security, voiceprint
technology may be used to provide biometric verification. Another method is to
require the user to text a code displayed after login from their registered smartphone
to the institution.
Out-of-band
authentication secures communications with only a slight increase in complexity
for a user. The methods are also much cheaper to deploy than security key fobs
or more complex biometric methods.
There are a
number of ways that a determined criminal can find a way around out-of-band
authentication. For example, a hacker may attempt to get the customer's phone
number changed on the account, substituting his own phone number. In this case,
the technology's effectiveness depends on the bank adhering strictly to
policies against making changes to an account without phone confirmation, or
transferring money without that extra authorization.
Smartphones can
also be a weak spot in out-of-band-authentication. If people use the same phone
for Web banking that they use for SMS authentication, they’re nullifying the
effectiveness of the secondary measure. In either case, the effectiveness of
out-of-band authentication relies upon adherence to the proper procedures.
================================
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================
.jpg)
In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================
No comments:
Post a Comment