Internet Payroll SecurityTo ensure that it does, MyPayrollHR will soon be using the most reliable type of user authentication technology available. Known as two-factor authentication, this is the same technology that the federal government has mandated banks to begin using to secure their customers on-line bank accounts. Most payroll companies use simple User ID/Password schemes ("one-factor authentication") to secure their customers on-line accounts. There are two major problems that make these authentications schemes less secure. First, User ID and Passwords are increasingly the target of sophisticated email phishing scams and malicious spyware programs. Secondly, most people tend be fairly relaxed when creating their own passwords, often using easy to guess phrases or numeric sequences (such as a birthday). Two-factor authentication adds "something you have" as the second factor in the authentication process. Each end-user is assigned a hardware device that generates a unique number every 60 seconds. (Because the number is unpredictable and dynamic, it would be virtually impossible for a hacker to guess the correct number at any given time.) When logging on, the user simply enters this number in addition to the standard UserID and Password. MyPayrollHR will soon be implementing two-factor authentication using the SecurID system developed by RSA Security, Inc. The RSA SecuriD is one of the world's leading two-factor authentication solutions.
|
