Ryan Singel from Wired News: : writes a fair analysis and roundup of technologies represented at the recent RSA security conference. Even though the term "two factor" authentication has been circulating the industry in application to minimum security products like Passmark it continues to amaze me that no one has stopped to think that displaying a graphic on a web page is really not a legitimate second factor to a username and password. Also the comment repeated in the article that PGP''s Callas' "likes PassMark Security's solution, which examines the device a user logs in from, looking for a number of factors including IP address and a secure cookie or Flash object the bank has previously stored on the machine". The technology is clearly not a legitimate two way strong authentication system worthy of being termed a "second factor". It's more like one-and-a-half-factors which will get banks and consumers in hot water sooner than later.
Official Web site of Inventor Ric Richardson