RATING RISKS

The problem with these authentication schemes is that they solve yesterday's problem, says security guru Bruce Schneier, CTO and founder of Counterpane Internet Security. For example, two-factor authentication does nothing to prevent so-called "Man in the Middle" (MIM, more often written MITM) attacks or Trojan horse exploits, because both let the attacker act inside a session that you have already authenticated.

In an MIM attack, the scammer lures you to a fake web site where you enter your log-on information, including any one-time code. He immediately relays it to your real bank, logs on as you while the code is still valid, and passes the bank's responses back to you through the phony site, so you complete your transactions and never know you weren't at your bank's actual site. Because he, not you, holds the authenticated session, he can issue his own transactions during it; and if what he captured is reusable (a static password rather than a one-time code), he can log back into your account at any time and have his way with it.

A Trojan horse attack accomplishes the same deed from the inside, using malware planted on your own PC (the kind that turns it into a "zombie" under remote control). The malware alerts the attacker when you start to log on to your bank. He waits until you've finished logging on, then "walks" into the bank with you, riding your authenticated session, where he can do anything he wants with your money.

“Banks are paying far more attention to authentication than they should be,” argues Schneier. “They need to worry about transactions, not individuals.”
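To make Schneier's distinction between authenticating the person and authenticating the transaction concrete, here is an added example that is not code from the book, from Schneier, or from Cyota. It builds a toy bank that logs users on with a password plus a one-time code, then plays out both attacks described above: saving a captured code for later (fails), relaying it to the bank in real time as the fake site or a Trojan would (succeeds, and the attacker keeps the session), and finally a transaction-bound variant in which the same relayed code authorizes only the transfer the customer actually intended. The 30-second code window, the account names, the amounts and the token secret are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo (not the book's, Schneier's or Cyota's code): a toy bank that
# authenticates with a password plus a one-time code, a phisher who relays that
# code in real time, and a transaction-bound code that the relay cannot repurpose.
# The 30 s window, account names, amounts and token secret are assumptions.

STEP = 30  # seconds per one-time-code window


def otp(secret: bytes, counter: int, extra: bytes = b"") -> str:
    """HOTP-style 6-digit code over a counter; `extra` binds it to transaction data."""
    digest = hmac.new(secret, struct.pack(">Q", counter) + extra, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class Bank:
    def __init__(self, clock):
        self.clock = clock          # callable returning seconds; injected so the demo is deterministic
        self.users = {}             # user -> (password, token secret)
        self.balances = {}
        self.sessions = {}          # session token -> user
        self.used_codes = set()     # (user, code) pairs already accepted

    def enroll(self, user, password, balance, secret):
        self.users[user] = (password, secret)
        self.balances[user] = balance

    def login(self, user, password, code):
        """Two-factor login: password plus the one-time code for the current window."""
        pw, secret = self.users[user]
        expected = otp(secret, int(self.clock()) // STEP)
        if password != pw or code != expected or (user, code) in self.used_codes:
            return None
        self.used_codes.add((user, code))
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def transfer(self, token, amount, payee):
        """Authenticates the session only: whoever holds the token may move the money."""
        user = self.sessions.get(token)
        if user is None or self.balances[user] < amount:
            return False
        self.balances[user] -= amount
        self.balances[payee] = self.balances.get(payee, 0) + amount
        return True

    def transfer_signed(self, token, amount, payee, code):
        """Authenticates the transaction: the code must cover this amount and payee."""
        user = self.sessions.get(token)
        if user is None:
            return False
        _, secret = self.users[user]
        expected = otp(secret, int(self.clock()) // STEP, f"{amount}:{payee}".encode())
        return code == expected and self.transfer(token, amount, payee)


def run_scenario():
    now = [1_000_000]                                   # fake wall clock (seconds)
    bank = Bank(lambda: now[0])
    secret = b"constructed-demo-token-secret"           # seed of Alice's token device
    bank.enroll("alice", "hunter2", 1000, secret)
    bank.balances["mallory"] = 0

    def alice_device(extra=b""):                        # what Alice's token shows right now
        return otp(secret, now[0] // STEP, extra)

    # Alice types her password and current code into the phisher's fake site.
    captured = ("alice", "hunter2", alice_device())

    # 1. Saving the code for later fails: five windows on, it no longer matches.
    now[0] += 5 * STEP
    replay = bank.login(*captured)

    # 2. Relaying it in real time succeeds: the proxy forwards Alice's fresh code
    #    within its window, receives the session token and keeps it for itself.
    #    (A Trojan on Alice's PC reaches the same session by riding her login.)
    token = bank.login("alice", "hunter2", alice_device())
    relayed = bank.transfer(token, 900, "mallory")

    # 3. Transaction-bound code: Alice signs "50 to bob"; the proxy relays that code
    #    but substitutes its own payee. The bank rejects it; Alice's own goes through.
    alice_code = alice_device(b"50:bob")
    tampered = bank.transfer_signed(token, 100, "mallory", alice_code)
    honest = bank.transfer_signed(token, 50, "bob", alice_code)
    return {
        "replay_ok": replay is not None,
        "relay_ok": relayed,
        "tampered_ok": tampered,
        "honest_ok": honest,
        "alice": bank.balances["alice"],
        "mallory": bank.balances["mallory"],
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The one-time code defeats only the lazy attacker who saves credentials for later; a phishing proxy or a Trojan that acts within the code's window is indistinguishable from the customer, and the bank hands it a fully authenticated session. Binding the code to the amount and payee changes what is being authenticated: the relayed code still proves the customer is present, but it vouches for one specific transaction, so a substituted payee is rejected even though the attacker holds a valid session.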

Naftali Bennett agrees. “Simple two-factor authentication represents a sledgehammer approach,” says Bennett, CEO of Cyota, which provides Internet security services for 9 of the 12 largest U.S. banks. “We believe authentication should be based on the risk of a given activity.”

Cyota’s scheme involves highly sophisticated analysis software and a relatively low-tech communications ...
