Passwords + Pictures = Security?
It's getting harder for crooks -- and for you -- to access your financial accounts.
Memorizing a password just does not cut it anymore. Before you access a Bank of America account online, you'll be asked to verify an identifying image (say, a chess piece or some other object) and a phrase that pop up when you log in. E*Trade Financial offers a gadget that works like a digital decoder ring to unlock your account information. Wachovia might ask you for the name of your high school mascot before letting you pull up your bank statement. And some financial firms are experimenting with anti-fraud devices that will take your fingerprint or scan your iris to protect your identity and your money.
Blame financial regulators for the added inconvenience. It's part of an effort to combat identity fraud, which cost the economy a total of $49 billion last year, according to Javelin Strategy & Research.
About 3.7% of U.S. adults were victims of identity fraud in 2006. That percentage was actually down a bit from 2005, perhaps because regulators have required banks to improve online security to make sure you are who you say you are when you log in. And many other financial firms are beefing up their defenses as well. "By the end of the year, the security process will be very different," says Gwenn Bézard, a research director at Aite Group, which studies online security.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
Cyber armor. Companies can select the kind of cyber armor they wear, and Bank of America, ING Direct and Vanguard are up front about their choice: They require you to select an image and a phrase that will appear on your computer screen before you type in your password. If you log on and the image and phrase aren't the ones you chose, you may have been directed to a fake Web site designed to steal your personal information.
Wachovia's security is more subtle. Each time you log on to a Wachovia account, bank software rates the risk that you could be a crook. Use your home computer and you're likely to get hassle-free access. Log on from an Internet café in Hoboken, N.J., then from one in Boston, and you'll probably have to cough up some personal details, such as the name of a favorite childhood pet.
A number of sites call on your people-watching skills. Web-security company Passfaces created an authentication system, adopted by Midwest Independent Bank, that features Brady Bunch-like groups of nine faces. You select three of the faces when you register your account, and you must recognize them in sequence each time you sign on.
Sometimes extra protection comes in small packages. E*Trade customers can request a device called a Digital Security ID, which is small enough to attach to your key chain and spits out a six-digit code when you log on. The number sequence changes every 60 seconds to prevent thieves from stealing your code. Customers who trade more than 30 times every three months get a free Digital Security ID; otherwise, the device costs $25.
Biometric identification -- the scanning of eyes or fingerprints -- is also in use. At a dozen branches in Utah and Idaho, Zions Bank is testing a system that lets customers cash checks if they are willing to use their fingerprints to identify themselves.
Will it work? All the extra fuss may not make our money any safer. When researchers at Harvard University and the Massachusetts Institute of Technology studied the anti-fraud image system used by Bank of America, they found that 58 out of 60 users still logged on to a phony Web site that did not display the images that the users had selected. The system raises the bar for criminals, says Rachna Dhamija, one of the researchers who conducted the study, but "if users don't comply, it's entirely ineffective. They are going to be giving out their credentials to the wrong Web sites."
But let's face it: It's tough to remember images in addition to multiple codes and user names. To help, a number of software programs -- Password Agent ($25), Handy Password ($30) and RoboForm Pro ($30) -- track all your passwords and stow them in a protected file on your computer or handheld device. Of course, you'll have to create yet another password and user name to access their protected files.
No matter how sophisticated it is, no single online-security measure is scam-proof. Even biometric doodads and high-tech code keys can be thwarted. David Cowan, co-founder of VeriSign, an Internet-security firm, says that many crimes could be prevented if banks simply made phone calls to account holders to confirm unusual or suspicious online activity -- such as transfers of large sums of money to other accounts or changes to mailing addresses for accounts.
Get Kiplinger Today newsletter — free
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.
-
Five FAQs About 529 College Savings Plans
Thanks to recent policy changes, families have more options for what to do with money sitting in tax-advantaged 529 accounts.
By Mallika Mitra Published
-
7 Best Places in the US for Wellness Tourism — Beyond California
California doesn't have a monopoly on wellness tourism. These U.S. retreats offer exercise, relaxation and good food in stunning scenery that might be closer to home.
By Becca van Sambeck Published
-
Roth IRA Contribution Limits for 2024 and 2025
Roth IRAs Roth IRA contribution limits have gone up. Here's what you need to know.
By Jackie Stewart Last updated
-
Four Tips for Renting Out Your Home on Airbnb
real estate Here's what you should know before listing your home on Airbnb.
By Miriam Cross Published
-
Five Ways to a Cheap Last-Minute Vacation
Travel It is possible to pull off a cheap last-minute vacation. Here are some tips to make it happen.
By Vaishali Varu Last updated
-
Social Media Scams Cost Consumers $2.7B, Study Shows
Scams related to online shopping, investment schemes and romance top the FTC's social media list this year.
By Joey Solitro Published
-
How to Figure Out How Much Life Insurance You Need
insurance Instead of relying on rules of thumb, you’re better off taking a systematic approach to figuring your life insurance needs.
By Kimberly Lankford Last updated
-
Amazon Big Deal Days Is Coming! We’ve Got All the Details
Amazon Prime To kick off the holiday season with a bang, Amazon Big Deal Days runs Tuesday, October 8 and Wednesday, October 9.
By Bob Niedt Last updated
-
How to Shop for Life Insurance in 3 Easy Steps
insurance Shopping for life insurance? You may be able to estimate how much you need online, but that's just the start of your search.
By Kaitlin Pitsker Published
-
Five Ways to Shop for a Low Mortgage Rate
Becoming a Homeowner Mortgage rates are high this year, but you can still find an affordable loan with these tips.
By Daniel Bortz Last updated