Wall Street & Technology: Blog: RSA Responds to Site-to-User Authentication Study

RSA Responds to Site-to-User Authentication Study

A couple of weeks ago, we wrote about a study that seemed to prove that site-to-user authentication was a broken practice. Well, not surprisingly, the purveyors of such technologies took exception to the notion that their product was ineffective. What follows is a response written by Louie Gasparini, co-CTO of the consumer division of RSA, the security division of EMC that sells Passmark site-to-user authentication technology.

“Following the RSA team's review of the recent Harvard/MIT report on online banking website security, we thought it prudent to offer a few comments; these should help answer questions related to the effectiveness of site-to-user authentication technology.

When the site-to-user authentication technology referenced was developed, the intent was twofold; first, it was meant to assure consumers that they were at the correct/legitimate site. Further, the technology was designed to better protect these consumers - with both visible and invisible authentication - which would run behind the scenes.

Many of today's authentication solutions, such as RSA's Adaptive Authentication, are based on a layered approach to security. While the site-to-user image feature is one of these layers, it is not sold as a stand-alone solution. Site-to-user is always coupled with additional user authentication and behind-the-scenes risk analysis.

While the study did a good job looking at how users interact with one security component banks use on their websites, it did not address the safety practices of the consumers who bank online - nor did it address a bank's entire security strategy. Similarly, if a police officer were to examine the value of an alarm system on the front entrance of an apartment complex without taking a look at building residents' individual door locks or the general habits of the residents, this would not provide a full security picture.

While data in the Harvard/MIT report undisputedly shows that 60 users in the study logged into their bank account even though they did not see their selected image, a Gartner study of 5,000 US adults in August 2006 found that most Bank of America online banking consumers found Bank of America's site-to-user authentication both convenient to use and reassuring to their sense of security. RSA's own research and surveys show similar results."

Because we’ve already aired our thoughts on the study, we’ll let the vendor’s argument speak for itself. Leave your opinions in our Comments section.

Posted by Cory Levine at 02:28 PM

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.