Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.
Bank websites are expected to adopt some form of ''two-factor" authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.
In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute.
Other types of two-factor authentication include costlier hardware involving biometrics or ''smart" cards that would be inserted into designated readers on a user's computer. Banks might also issue one-time passwords on scratch-off cards or require ''secret questions" about a customer's account.