The Rhythm of Identity ManagementBy Doug Bartholomew | Posted 2008-01-30 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Forum Credit Union adopts a multifactor authentication system that identifies users by their unique typing patterns. Sound far-fetched? The method was proven during World War II.
The Problem: How does a $1 billion
The Details: Forum Credit Union last September began using a user-keystroke identification system from BioPassword to validate the identity of its 55,000 members who bank online. “As our business grew, we found we have more and more security issues,” says Carol Minges, director of technology solutions at Forum Solutions, the Indianapolis-based credit union’s software development unit.
In keeping with credit union regulations, Forum was required to implement multifactor user authentication for its online banking system. “You usually need to have two or more factors, because someone can always crack one of them,” says Eric Ogren, president of the Ogren Group, a security consulting firm in
The Context: Although Forum’s online banking hadn’t been victimized by fraud, the organization had been allowing members to access the Internet-based banking system using only their user name and password. “People could share user names and passwords,” Minges says. “The user authentication we had was similar to what you find with 99 percent of the applications on the Internet.”
The Solution: Forum looked at a variety of technologies, including the use of
Forum ran an internal pilot with its employees to test the new technology and method. In the case of BioPassword, however, “new” is a relative term: While the modern application was new, the idea and technique were more than proven.
In the mid-19th century, telegraph operators were known by their “signature” styles of tapping out Morse code. It was commonly accepted that, with experience, each operator developed a unique signature and was identified simply by the person’s idiosyncratic tapping rhythm.