Security Basics mailing list archives
Bankers on FFIEC
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Wed, 14 Mar 2007 20:42:52 -0400
The FFIEC guidance on online banking calls for strong authentication, applied based on appropriate risk analysis and they even spell out the three factors of authentication and state that single factor password authentication isn't adequate. Yet, I've found many banks adding addition questions to the login sequence and thinking they've added another factor. Does anybody have experience with this situation and understand how banks are getting around the Guidance for Online Banking requirements? KWK
Current thread:
- The Value of GIAC/GSEC Certification andrews (Mar 14)
- Re: The Value of GIAC/GSEC Certification Kim Guldberg (Mar 15)
- Re: The Value of GIAC/GSEC Certification andrews (Mar 15)
- Re: The Value of GIAC/GSEC Certification Florian Rommel (Mar 15)
- RE: The Value of GIAC/GSEC Certification Nick Duda (Mar 15)
- Bankers on FFIEC Ken Kousky (Mar 15)
- Re: Bankers on FFIEC William M. Davis (Mar 15)
- RE: The Value of GIAC/GSEC Certification Johnston Mark (UK) (Mar 15)
- RE: The Value of GIAC/GSEC Certification Tony UcedaVĂ©lez (Mar 23)
- RE: The Value of GIAC/GSEC Certification Don Parker (Mar 23)
- RE: The Value of GIAC/GSEC Certification Craig Wright (Mar 26)
- RE: The Value of GIAC/GSEC Certification Tony UcedaVĂ©lez (Mar 23)
- RE: The Value of GIAC/GSEC Certification Tony UcedaVĂ©lez (Mar 23)
- RE: The Value of GIAC/GSEC Certification Craig Wright (Mar 23)
- Re: The Value of GIAC/GSEC Certification Kim Guldberg (Mar 15)
- Re: The Value of GIAC/GSEC Certification William M. Davis (Mar 15)
- <Possible follow-ups>
- Re: The Value of GIAC/GSEC Certification K. Brian Kelley (Mar 15)
- Re: Re: The Value of GIAC/GSEC Certification hannawi (Mar 23)