
Back in 1996, when leading the development of a Deutsche Bank retail banking project, a software solution allowing the bank's customers to maintain checking, savings, and investment accounts from their home PCs, I became aware of multi-factor authentication. An authentication factor is something that is used to authenticate a person's identity, and multi-factor authentication is a system that uses different methods for authenticating.
In our case, it was a simple two-factor authentication, using something you know (a password or PIN) and something you have (a sheet of paper, issued by the bank, containing several one-time passwords).
The implementation was rather simple: for read-access, like getting an account's balance, only the account number and PIN were required. For write-access, like buying or selling stock, the customer additionally needed to enter one of the one-time passwords. And of course, requesting and activating a new sheet of one-time passwords also required entering one-time passwords from the old sheet.
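The access rules above can be modelled in a few lines. This is an added sketch, not code from the original project. The class and method names, the six-digit password format, the PBKDF2 storage and the out-of-band first sheet are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

class Account:  # constructed model: PIN for reads, PIN + one-time password for writes
    def __init__(self, pin, balance=0):
        self._salt = secrets.token_bytes(16)
        self._pin = self._digest(pin)
        self._active, self._pending = set(), set()  # digests: current / requested sheet
        self.balance = balance

    def _digest(self, secret):  # keep only salted, stretched digests server-side
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 50_000)

    def _new_sheet(self, count):
        sheet = [f"{n:06d}" for n in secrets.SystemRandom().sample(range(10**6), count)]
        return sheet, {self._digest(otp) for otp in sheet}

    def issue_first_sheet(self, count=10):  # assumption: first sheet is handed over by the bank
        sheet, self._active = self._new_sheet(count)
        return sheet

    def _check_pin(self, pin):
        if not hmac.compare_digest(self._pin, self._digest(pin)):
            raise PermissionError("bad PIN")

    def _consume(self, pin, otp):
        self._check_pin(pin)
        digest = self._digest(otp)
        if digest not in self._active:
            raise PermissionError("unknown or already used one-time password")
        self._active.remove(digest)  # single use: replaying the same value now fails

    def read_balance(self, pin):  # read access: first factor only
        self._check_pin(pin)
        return self.balance

    def buy_stock(self, pin, otp, cost):  # write access: both factors
        self._consume(pin, otp)
        self.balance -= cost
        return self.balance

    def request_sheet(self, pin, otp, count=10):
        self._consume(pin, otp)  # costs one password from the old sheet
        sheet, self._pending = self._new_sheet(count)
        return sheet

    def activate_sheet(self, pin, otp):
        if not self._pending:
            raise PermissionError("no sheet requested")
        self._consume(pin, otp)  # authorised by the old sheet once more
        self._active, self._pending = self._pending, set()
```

A requested sheet stays unusable until it is activated, so a sheet intercepted on its way to the customer is worthless without the PIN and an unused password from the old sheet.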
More than ten years later and triggered by the growing number of phishing attacks,