The last few months have seen a plethora of consumer-focused websites and services adding two-factor authentication in order to improve security. These additional authentication steps generally involve a secondary one-time password sent to the authenticating user, via either a previously registered email address or mobile phone number. This moves the authentication process away from something the user knows (username and password) to something the user has: either an email address or a mobile phone. Whilst these additional processes certainly go some way to improving security and reducing the significance of the account password, they highlight a few interesting issues, mainly that password-based authentication is still a weak link.