Blogger David Berlind of ZDNet posted a relevant entry to his blog recently concerning a report card by InfoWorld on whether banks will make the federal Web security deadline.According to an original article by Jaikumar Vijayan on Computerworld, most banks appear to be unprepared to meet the Dec. 31 deadline for complying with the federal security guidelines. Many banks are complaining that the guidelines are not mandatory and they don’t specify what form of strong authentication methods should be implemented.A recent Alarmed column by CSO’s Sarah Scalet also bemoans the fact that banks are falling short of these guidelines and that many are proudly marketing authentication that falls far short of any reliable form of online security.Berlind’s fellow ZDNet blogger, George Ou, goes so far as to write that banks are cheating their way toward the guidelines, which list three main factors of security that need to be present: • Something the user knows (e.g., password, PIN).• Something the user has (e.g., ATM card, smart card). • Something the user is (e.g., biometric characteristic, such as a fingerprint).Of course, multifactor authentication requires at least two of the above criteria. However, Computerworld points out that many banks are trying to get around the guidelines by adding one or two additional factors to the most common form of online banking authentication (what the user knows: user ID and password), by piling those items into the authentication process.Ou also points out that no security expert would ever count multiple instances of “something the user knows” as multifactor authentication.These articles and blog posts beg attention from legislative, policy and consumer perspectives, and it would make sense for any security executive to read them closely.By Paul KersteinKeep checking in at our Security Feed for updated news coverage. Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe