Although the cyberthieves have made in-roads this year, there are a number of clever low-cost authentication methods being tested. The thing they have in common, simplicity with no new hardware.

Here is a quick recap of the available techniques. Generally, these techniques would be used in addition to a username and password:

To thwart keylogging (but not phishing):

• virtual keypad (or string of numbers from 1 to 10): user selects numbers from the keypad/list instead of typing (for added security the numbers should be positioned differently each time)

To thwart keylogging AND phishing:

• picture/graphic selection: instead of a numerical ID, users identify the correct graphical image or picture from a everchanging pool of choices
• bingo card: user enters the requested coordinates (which change each login) from a preprinted "bingo" card (">refer to previous NB article)
• one-time PINs: user enters a number from a list of one-time-use PIN numbers previously mailed, emailed, text-messaged to a mobile phone, or voice messaged to any phone
• shared secrets: the bank and the user establish a serious of shared secrets, one of which must be answered correctly to complete login
• random partial passwords: similar to the shared secret approach, the bank asks for a different portion of the PIN number at each login

For more information, refer to our previous security NetBanker security articles and Online Banking Report (#93/94).

—JB