Network World
Sunday, November 22, 2009

A token gesture?


E-mail Ellen Messmer



The recent news item here about Citibank mandating use of security tokens for its small-to-midsize business customers in the U.S. drew interesting responses from readers. One comment makes the point that security tokens can be a real nuisance.

With permission from the author of the e-mail, who wishes to remain anonymous, the comments about security tokens are as follows:

"I just read your article where you state that Citibank is requiring the use of security tokens for people who use their online services. This is at best a half-measure, and will most certainly be a major annoyance in very short order."

"It's not that I'm against two-factor authentication, mind you," the writer remarks. "I have a security token provided to me by my company that I must use whenever I access the corporate VPN from a remote location. It works well and is unobtrusive. Here's the rub--my token is incompatible with Citibank's security. I have several credit-card accounts I access online. I also access my mortgage payments, auto payments, 401(K) investments, brokerage, and other secure sites online. Can you imagine my confusion if all of them adopt incompatible tokens? Add to that the question of what happens if, in the middle of an emergency, my token stops working (batteries, after all, do not last forever, and if my current token is any indication, I cannot simply open it up and pop in a fresh cell) and I can't access the site?"

Finally, the writer of this critique ends with: "At the very least, banking and other financial sites need to be able to accommodate a range of devices so that the consumer or other customer does not wind up with a dozen or more of these silly things scattered about. On top of that, these systems need to be built in such a way that device failure is anticipated and minimized. Both of these suggestions cost money though, and provide no net benefit to the institution, so I doubt I'll live long enough to see it. Still, one can hope..."

Well, this one individual's critique is worth about a mint in focus groups, surveys, consultant's reports and all the other things that business and security firms turn to to find out what people really want.

That these comments come from someone already using a security token--well, business should take them to heart. There may not be a clear way at present to obtain the level of token interoperability envisioned here, but the IT industry thrives on coming up with answers. Making sure they're workable answers is the hard part...
