The National Institute of Standards and Technology is trying to bolster e-commerce authentication on desktops and mobile devices.
By Evan Schuman, Contributing Columnist, Computerworld
According to the NCCoE, its recommendation for initiating multifactor authentication borrows from a technique that is already widely used on retail sites. A user could start shopping online with minimally invasive authentication — simply username and password or even auto-login. But as circumstances merit, more could be required. That decision would be based on factors such as “the nature of the product, a known IP address associated with the customer, typical geolocation, and consistency with past patterns of online purchases,” NIST said. In other words, your shopping history and use of various devices at various locations would be analyzed to see if you are behaving unusually — and perhaps are not you.