21 September 2018

Additional security for EBICS clients with two-factor authentication and extended password policy

Upcoming versions of BL Banking can use two-factor authentication via a security key. In addition, the program can be further secured with an additional password for the logon.

Security in electronic payments

Payment transactions in companies are among the most security-critical applications of all. Passwords noted down on slips of paper and stuck openly on monitors, or similar practices, are therefore a thing of the past, even without GDPR.

For many companies, however, the dangers associated with the Internet are more threatening and more difficult to control. Malicious software that reads data from the PC and picks up passwords using a keylogger is especially risky in this environment.

To protect against attacks of this kind, the German Federal Office for Information Security recommends two-factor authentication, or 2FA for short. Here, the proof of identity of a user is provided by means of two different, independent components (factors): knowing, e.g. a password, and having, e.g. a fingerprint or a security key in the form of a USB token.

Security comes first: Two-factor authentication in BL Banking clients

The EBICS clients of the BL Banking family have always offered various options for protecting the program and its data. In addition to the recommended use of smartcards, which securely store the private key files on a chip, users will in future be able to use two-factor authentication with a security key.

The particularly user-friendly YubiKey from Yubico is used as the security key. It is configured in the program without any installation of additional software or hardware. Once the key has been registered, the application can only be used in conjunction with this USB token. At the push of a button, the security key generates a secure one-time password for the program, which is then validated.

Extended password policies: Separate passwords for login and electronic signature

The program's existing password policies are also extended by a new security function. They now allow the use of separate passwords for starting the program and signing payments.

BL Banking is sold directly by the manufacturer. A 20-day unrestricted demo version of the program is available for download on the website of Business-Logics.