• Peternorris.net is the site of 19-year-old Canadian blogger Peter Norris. He blogs about technology, security, and university life.

My main bank, TD Canada Trust, recently implemented a multi-factor authentication system on the online banking site. When you log in from a computer you haven’t used before or perform certain transactions, it will randomly ask you one of 5 security questions (out of about a dozen or more) that you chose earlier. You will then be required to input the right answer to continue to log in.

I personally think this is great. I do a lot of my banking online and anything that makes it more secure is great, even if it means it takes an extra minute to log in. The only way I think they could improve this is by allowing you to create your own questions. Most of the questions are things an attacker wouldn’t normally look for, but this would make it even more secure. Also, I think it should ask you a question every time you log in.

Ironically, just about two months after they implemented this, they were hit by a phishing attack which targets anybody, whether they are a TD customer or not. The email asks them to update their information on a website that looks nothing like the real TD site. I think this would be a good time to remind you that banks and companies that deal with money will probably never contact you by email to “update your information”.

3 Responses to “TD Canada Trust Implements Multi-factor Authentication”

Great reminder. Banks have been boiling down on security extra hard recently, since the spike in online banking use. I can’t even remember the last time I walked into a bank. :D

I don’t think this is true multifactor authentication. Multifactor authentication requires the user to submit a different type of information. The four basic types being: something you know, something you are, something you have, and someone you know. While the security questions they introduced do add a higher level of security, they are still based around the same type of information as the standard password (something you know). If they were to implement something as trippy cool as biometrics (something you are) or a token-based system (something you have) then the level of security would theoretically be exponentially increased. (gotta love those adverbs)

I know it’s not true multi-factor authentication, but in a way it is. Multifactor just means more than one factor. Providing a password and then answering a security question is two ways of proving I am who I am. And it’s not asked every time, just when I use a new computer. That way, you can steal my password and card number and then log in from your computer without knowing the answers to my questions. This is a step in the right direction, but it needs to be improved upon.
