SIR - I write in response to the Association of Payment Clearing Services' (APACS) announcement regarding a new user authentication standard.

There is an urgent need for UK industry to break the stranglehold that passwords hold over user authentication. The APACS-proposed standard for strong, ‘two-factor' user authentication represents a practical, risk management-focused solution to this issue which should be much more widely considered by public and private sector organisations.

I applaud the decision to use One Time Passcode (OTP) authentication instead of more ‘sexy' technology, such as PKI digital certificates, which have been piloted in the past and have usually failed due to complexity, cost and lack of user acceptance.

APACS has appreciated that securing users' digital signatures is only 20% about technology. The remaining 80% is about people and how happy they are to use the solution.

OTPs may seem rather mundane and unexciting, but they are a pragmatic and proven security method which is easy to understand for the average consumer. From a technological perspective, they offer a very easy implementation path for the industry.

John Stewart Chief Executive Signify

Source

SMT