Schneier talks about two new attacks he is seeing to two-factor authentication. Back in 2005, I wrote about the failure of two-factor authentication to mitigate banking fraud: Man-In-The-Middle and a Trojan attack. Read on to See how two-factor authentication doesn't solve anything? In the first case, the attacker can pass the ever-changing part of the password to the bank along with the never-changing part. And in the second case, the attacker is relying on the user to log in.

The link for this article located at Bruce Schneier is no longer available.