Scandinavian banks are now issuing one-time passwords to protect customers’ money accounts because customers often use the same passwords for everything, such as easily accessible insecure email accounts.

To access her bank account online, Marie Jubran opens a Web browser and types in her Swedish national ID number along with a four-digit password.



For additional security, she then pulls out a card that has 50 scratch-off codes. Jubran uses the codes, one by one, each time she logs on or performs a transaction. Her bank, Nordea PLC, automatically sends a new card when she’s about to run out.



As more Web sites demand passwords, scammers are getting more clever about stealing them. Hence the need for such “passwords-plus” systems.



Scandinavian countries are among the leaders as many online businesses abandon static passwords in favor of so-called two-factor authentication.



“A password is a construct of the past that has run out of steam,” said Joseph Atick, chief executive of Identix Inc., a Minnesota designer of fingerprint-based authentication. “The human mind-set is not used to dealing with so many different passwords and so many different PINs.”



When a static password alone is required, security experts recommend that users combine letters and numbers and avoid easy-to-guess passwords like “1234” or a nickname.



More here.

0