According to a Gartner Research note written by analyst Avivah Litan, two-factor authentication, which protects online bank accounts with both a password and a computer-generated one-time passcode, isn’t secure enough.

“[In] the past few months, Gartner has heard from many banks around the world that rely on one-time-password authentication systems,” writes InformationWeek’s Thomas Claburn. “Accounts at these banks have been compromised by man-in-the-middle attacks – the report uses the terms ‘man-in-the-browser’ – despite the use of two-factor security.”

“The Gartner report recommends [additional] defenses to monitor user behavior and/or transaction values, as well as out-of-band transaction verification,” Claburn writes.

Click here to read the InformationWeek story.