Recent hacking incidents and data breaches have fueled increased concerns over security, and it has become increasingly common for non-financial organizations (such as e-mail providers and social media sites) to provide users with the option of using multi-factor authentication (i.e., the use of a combination of the first factor and one or both of the other two factors).1 Multi-factor authentication is not foolproof, but can significantly enhance security.2 As often implemented, multi-factor authentication requires a user to provide a username/password and a separate code (which may be provided by text message or by a hardware token or software token). Some financial institutions, including some banks,3 broker-dealers,4 and fund groups, now offer multi-factor authentication to at least some of their retail customers.
The use of multi-factor authentication measures by financial institutions and other organizations is likely to become more prevalent in the coming years. Adoption of multi-factor authentication has been slowed by, among other things, concerns over the costs of implementation and customer acceptance. These concerns may diminish over time, as implementation costs continue to fall and as the general public becomes more willing to accept the inherent tradeoffs between added inconvenience and greater security.
Back