Recent guidance from the Federal Financial Institutions Examination Council (FFIEC) requires financial institutions to employ strong, multifactor authentication to protect their customers and clients in online transactions. Such guidance triggered many creative approaches, including combinations of knowledge-based and machine-tagging techniques.
The most common method of authenticating a user to a banking application relies on a user identifier, also referred to herein as “user ID”, and a password. However, static passwords offer limited security because of their inherent weaknesses, which include, for example, users choosing easy-to-guess passwords, writing passwords down, and using the same password for various services without differentiating the service type or the service organization's reputation. To counter the weaknesses of static passwords, many organizations have deployed technology that uses a hardware or software token which generates a new random number within a fixed time interval, such as 60 seconds. In addition to carrying a significant cost, such technology also presents problems for customers who have multiple accounts at various organizations, requiring them to carry multiple tokens. One-time password authentication based on a phone-based Short Message Service (SMS) solution is popular, but it suffers from turn-around speed limitations and constraints related to mobile signal strength.
There is a present need for a solution that resolves all of the foregoing issues in an end-to-end approach for providing, for example, a dynamic password user authentication that is natural and convenient to a user, while providing much higher authentication security than is currently available.