Banking and Two-factor Authentication

There's an interesting article in Network World this week, written by Daniel Blum:

Authentication: Where's the magic factor?

As someone who uses online banking as much as possible, I welcome the concept of two-factor authentication to increase security. As the article points out, however, which two factors will the banks choose? There is an overabundance of options from a number of different vendors.

I think the solution that wins out will be the one that accomplishes the following:

1. The bank will have a favorable ratio of good publicity to low cost of implementation.
2. The user will have increased confidence in their personal safety.
3. The user will little or no trouble adapting to the new authentication method.
4. The bank will be able to place more blame on users in the event of a security breach.

Obviously, since the banks will be footing the bill, the benefits that apply to them will probably outweigh everything else. But don't discount the weight of public opinion. If Bank A decides to implement this unwieldy biometric solution that requires each account holder to take a trip to the bank to have their retina scanned, and to pick up the scanner device to attach to their computer, they may lose customers to Bank B, who decided to send everyone an RSA SecureID token to use with their account. While Bank A might have gone with the more secure solution (depending on your opinion of the accuracy of biometrics), Bank B has caused less inconvenience to their customers while still greatly increasing the security of their online banking solution.