Half-baked bloggers...

Regarding this story on a blog by Scott Ventura, called Half-Factor Authentication ... he's obviously just firing on a couple of cylinders. Tokens are perceived to be the cadillac of authentication mechanisms, but at $30-$40 a pop along with the increase in help desk calls, it's just not realistic for most organizations to implement. Entrust's grid card has been taking off around the world because of its simplicity for end users. I heard that one bank in Asia-Pacific actually saw no uptake in help desk calls after launching Entrust's grid authentication method. Users feel safe... is a grid card going to be the 'end all be all' of authentication... of course not... neither are tokens. That's why organizations need a layered security approach that both has a back end fraud detection tool that end users don't see, as well as something that is obvious to the end user. Since implementing something to interrupt the end-user experience also serves the dual purpose of bolstering their confidence, it doesn't need to be complicated to give that assurance. Since just about any authentication method can be thwarted by clever fraudsters, 'one size fits all' just opens Pandora's box for the bad guys.

Mr. Ventura... obviously, you need a little more insight into how organizations are effectively defending their customers online. It's definitely not just with tokens!