Wall Street & Technology: Blog
subscribe February 20, 2007

RSA Responds to Site-to-User Authentication Study

A couple of weeks ago, we wrote about a study that seemed to prove that site-to-user authentication was a broken practice. Well, not surprisingly, the purveyors of such technologies took exception to the notion that their product was ineffective. What follows is a response written by Louie Gasparini, co-CTO of the consumer division of RSA, the security division of EMC that sells Passmark site-to-user authentication technology.

“Following the RSA team's review of the recent Harvard/MIT report on online banking website security, we thought it prudent to offer a few comments; these should help answer questions related to the effectiveness of site-to-user authentication technology.

When the site-to-user authentication technology referenced was developed, the intent was twofold; first, it was meant to assure consumers that they were at the correct/legitimate site. Further, the technology was designed to better protect these consumers - with both visible and invisible authentication - which would run behind the scenes.

Many of today's authentication solutions, such as RSA's Adaptive Authentication, are based on a layered approach to security. While the site-to-user image feature is one of these layers, it is not sold as a stand-alone solution. Site-to-user is always coupled with additional user authentication and behind-the-scenes risk analysis.

While the study did a good job looking at how users interact with one security component banks use on their websites, it did not address the safety practices of the consumers who bank online - nor did it address a bank's entire security strategy. Similarly, if a police officer were to examine the value of an alarm system on the front entrance of an apartment complex without taking a look at building residents' individual door locks or the general habits of the residents, this would not provide a full security picture.

While data in the Harvard/MIT report undisputedly shows that 60 users in the study logged into their bank account even though they did not see their selected image, a Gartner study of 5,000 US adults in August 2006 found that most Bank of America online banking consumers found Bank of America's site-to-user authentication both convenient to use and reassuring to their sense of security. RSA's own research and surveys show similar results."

Because we’ve already aired our thoughts on the study, we’ll let the vendor’s argument speak for itself. Leave your opinions in our Comments section.

Posted by Cory Levine at 02:28 PM



This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


CHECK THIS OUT

Make your organization more efficient and customer focused. Visit the Transaction Lifecycle Management Site today!


Featured White Paper
Grupo Santander Uses TLM Reconciliations to Reduce Operational Risk, Boost Efficiency

Events

Live Events:
Advanced Trading's Buy-Side Trading Summit
November 15 - 17, 2009


Marketplace

Career Center


Ready to take that job and shove it?

Function:
Information Technology
Engineering
State:


Keyword(s):

Browse By:
State | City

Techweb
Informationweek Business Technology Network
InformationweekInformationweek 500Informationweek 500 ConferenceInformationweek AnalyticsInformationweek Events
Informationweek MagazineGlobal CIOIWK Government ITbMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingPlug Into The CloudDr. DobbsContentinople
space
TechWeb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0Mobile Business ExpoNoJitter
Black HatGTECEnergy CampCloud ConnectEnterprise Cloud SummitCloud Summit ExecutiveGov 2.0 ExpoGov 2.0 Summit
space
Light Reading Communications Network
Light ReadingLight Reading AsiaUnstrungCable Digital NewsInternet EvolutionPyramid Research
Heavy ReadingLight Reading LiveLight Reading InsiderEthrnet ExpoTelco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems and TechnologyInsurance and TechnologyWall Street and TechnologyAccelerating WallstreetBST SummitBuyside Trading SummitIT Summit
space
Microsoft Technology Network
MSDNTechNetTotal IT ProTotal Dev ProTotal IT Pro CommunityTotal Dev Pro Community
space