Will BofA deploy FIDO spec?
Financial institutions are adding different authentication mechanism for consumers. A story in the summer issue of Re:ID details US Bank, USAA and Wells Fargo efforts but even more recently Chase Bank and Bank of America have added some options.
In the most recent update of its iPhone app, Chase enables individuals to check balances with Touch ID. If a customers wants to send money or pay bills they have to logon with the user name and password but the basic account information is available with a touch of the finger.
Bank of America is being a bit coy with its additional security measures. In an email to customers the financial institution says it’s going to be offering more security tools and a simpler sign-in. In order to access a BofA account users had to enter a username on the homepage which then sent them to a second page where a password was entered and a familiar image – the SiteKey – was seen as proof that the page is genuine and not phished site.
BofA is going to move away from the SiteKey and instead enable user to enter both username and password on the homepage to access account information. The bank is also adding to its security center where customers will be able to add one-time passcodes that can be sent to the mobile device or via email.
Users will also be able to set reminders to reset their passcode every 90 days and be notified if an unauthorized computer or mobile device signs into the account. Customers will also be able to review online and mobile logins.
More information about BofA’s changes will be unveiled before the end of the year. It will be interesting to see if BofA enables the identity specification from the FIDO Alliance, as the bank is a board level member of the online authentication organization.