Category Archives: Information Security

Two Factor Authentication – Bank Security Explained (1 of 4)

I recently looked at four different aspects of the security posture of a number of US banks. I’d like to explain in detail what these security controls are and why they’re important. In this post I’ll explain what two factor authentication is and why you should be using it everywhere you can.

To start off, I’d like to define authentication. Authentication is the process by which one proves that they are who they say they are. In the case of most internet sites this is done with a username and password. I tell the site who I claim to be with my username, and prove it by providing something that only I would know: my password. That’s one factor authentication. Continue reading Two Factor Authentication – Bank Security Explained (1 of 4)

Reviewing US Banks’ Web and Email Security

I have had an account with the same bank for a really long time. Perhaps the time has come to switch to a new bank. After all in 2016 my bank still doesn’t offer two factor authentication, EMV cards, and several other modern features that I see from other banks. I’d like a bank that takes information security seriously, it seems like my current one does not. While I’m sure I could find clean compliance based audits for each of these banks, I would prefer to take a different, more open approach. For this exercise let’s just look at email and web site security.

Summary Report

My research methodology (inspired by Mark Stanislav’s MASSACRE talk) is broken down into four steps. Each step will be awarded a letter grade. At the end an average for each bank will be determined.

Continue reading Reviewing US Banks’ Web and Email Security