Security A to Z: Two-factor authentication

Banks and other online financial institutions consider alternatives to the password.

Natasha Lomas Mobile Phones Editor, CNET UK

Natasha Lomas is the Mobile Phones Editor for CNET UK, where she writes reviews, news and features. Previously she was Senior Reporter at Silicon.com, covering mobile technology in the business sphere. She's been covering tech online since 2005.

See full bio

Natasha Lomas

Nov. 28, 2006 11:52 a.m. PT

When it comes to beating fraudsters, if one security measure is good, two is better, right?

That's the principle of two-factor authentication, which is getting big in the online banking world. It works alongside usernames and passwords as a second level of security, helping to ensure that a user of a service such as e-banking is the person they say they are.

The second level of security can be anything--from hardware that generates a single-use number to a series of pre-selected security questions. Typically, though, it is the physical devices--tokens and password/PIN generators--that are most commonly discussed.

It's early days for the tech, but it already has its critics. Back in 2005, security guru Bruce Schneier gave it a vote of no confidence, saying it is "designed to solve the issues from 10 years ago."

Natasha Lomas of Silicon.com reported from London.