If you don’t know about multifactor ID, it usually involves your account number and
- Something you know – like your password
- Something you own – like a security token
Verisign and Ebay have been distribution tokens for some time, with a total cost of a big $7.50. These generate a 6 digit number that changes every 30 seconds. The long and the short of it is that even key stroke loggers would only have 30 secs to get into your bank account before the number changes, and if you are already in it, presumably that would not be allowed. Unlike a password which can just be read, using this system would require you to be physically burgled, or a fishing scam that you were suckered into, to get your bank details.
ITNews is reporting that Verisign are trying to get this system into Australian banks. Lets put pressure on them from the consumers to help improve our security.