Barclays online banking: pinSentry
Discussion
I haven't but colleagues have.
Basically they send you a machine into which you type your pin number. This then outputs a secure number you use to log into online banking. This number changes every time and is synchronized with the banks system.
If you haven't got one phone them up to do the transfer and order one.
Basically they send you a machine into which you type your pin number. This then outputs a secure number you use to log into online banking. This number changes every time and is synchronized with the banks system.
If you haven't got one phone them up to do the transfer and order one.
I have had a similar thing from Natwest. Basically you get you own little device that looks like a calculator. You put your card in and your pin and it generates a unique code which you need to sign on to online banking.
Is optinal at Natwest at the moment, but i'm sure you will have to use it sometime soon.
Oh, and you can block out your card if you get the pin number wrong, I found out the hard way.
Is optinal at Natwest at the moment, but i'm sure you will have to use it sometime soon.
Oh, and you can block out your card if you get the pin number wrong, I found out the hard way.
Existing debit card. You slot in card and enter pin number. Machine gives you a code that is valid for a short period. You type that in and it lets you log in.
Even if that number is intercepted it means that they hacker could not use it more than a very short period later, nothing works without presence of your card and you knowing pin number
I don't know the technology behind it, but assuming they use some variant of the standard trapdoor encryption based on factoring into prime numbers(whose name escapes me for the moment) or anything close to that level of difficulty then it should be very secure
Even if that number is intercepted it means that they hacker could not use it more than a very short period later, nothing works without presence of your card and you knowing pin number
I don't know the technology behind it, but assuming they use some variant of the standard trapdoor encryption based on factoring into prime numbers(whose name escapes me for the moment) or anything close to that level of difficulty then it should be very secure
MiniMac said:
List of banks that don't use this boocks please? I'm with HSBC but will switch if they intro this nonsense.
I am quite capable of keeping my machine secure and my password safe thank you. This stuff has to be opt-in.
Not sure if I like the sound of it. So, will I only need it on transferring funds like prompted, or to login as well?I am quite capable of keeping my machine secure and my password safe thank you. This stuff has to be opt-in.
groucho said:
Not sure if I like the sound of it. So, will I only need it on transferring funds like prompted, or to login as well?
Once you opt in, you have to use it every time you log in. You only need to opt in in order to set up 'non standard' payments, i.e. anything not to well known utility/credit card bill payement accounts. I've no doubt it will become compulsory for everyone soon though - it's a step forward in moving more responsibility for misuse from the bank to the customer.
groucho said:
MiniMac said:
List of banks that don't use this boocks please? I'm with HSBC but will switch if they intro this nonsense.
I am quite capable of keeping my machine secure and my password safe thank you. This stuff has to be opt-in.
Not sure if I like the sound of it. So, will I only need it on transferring funds like prompted, or to login as well?I am quite capable of keeping my machine secure and my password safe thank you. This stuff has to be opt-in.
It's a bloody nuisance
MickC said:
groucho said:
Not sure if I like the sound of it. So, will I only need it on transferring funds like prompted, or to login as well?
Once you opt in, you have to use it every time you log in. You only need to opt in in order to set up 'non standard' payments, i.e. anything not to well known utility/credit card bill payement accounts. I've no doubt it will become compulsory for everyone soon though - it's a step forward in moving more responsibility for misuse from the bank to the customer.
It wasn't optional for me
It's a pain in the 4rse!
I used to keep an eye on my account most days, or check in at work- and actually found barclays online really very good, now i just can't be bothered with the thing. I was capable of keeping my log in info secure already.
Are there any banks definitely not going something like this? Co-op?
I used to keep an eye on my account most days, or check in at work- and actually found barclays online really very good, now i just can't be bothered with the thing. I was capable of keeping my log in info secure already.
Are there any banks definitely not going something like this? Co-op?
groucho said:
Anybody heard of it? I just went to transfer some money from my account and it said I had to set up pinSentry. It sounded like they send you some kind of machine and maybe a new debit card; I don't know.
Anybody used it?
I know someone who had to do this.Anybody used it?
worringly my bank thinks its system is secure as they havent sent me anything like this yet.
So either Barclays are being extra secure, or there is a problem with there system.
or my bank is confident there system is excellent or they dont care. i have no idea which.
all sounds a little bit to much hard work just to acess your own account.
Basic 2 factor authentication; something you have and something you know. Many people including myself have been using it for years to access corporate networks (Windows logon etc) using either small keyfobs or SMS. Companies like RSA, Vasco, Cryptocard etc have been doing this for years. Personally I think it's great that it's filtering down, not just in specifically hi-tech companies or large corporates, as it's added security.
To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
It's a pain in the 4rse!
I used to keep an eye on my account most days, or check in at work- and actually found barclays online really very good, now i just can't be bothered with the thing. I was capable of keeping my log in info secure already.
Are there any banks definitely not going something like this? Co-op?
I used to keep an eye on my account most days, or check in at work- and actually found barclays online really very good, now i just can't be bothered with the thing. I was capable of keeping my log in info secure already.
Are there any banks definitely not going something like this? Co-op?
andy_quantum said:
Basic 2 factor authentication; something you have and something you know. Many people including myself have been using it for years to access corporate networks (Windows logon etc) using either small keyfobs or SMS. Companies like RSA, Vasco, Cryptocard etc have been doing this for years. Personally I think it's great that it's filtering down, not just in specifically hi-tech companies or large corporates, as it's added security.
To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
pinSentry was also hacked a month or two ago. The head of a security company which was purchased by IBM in early 2007 made a right cock up by announcing it at a security press conference.To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
You can introduce a man in the middle attack against the device and inject web pages to take over an account and divert funds.
It appears that IBM legal have been rather speedy on this one as the story has vanished from the original source, Barclays needless to say are not happy bunnies.
I do have transcript of the original article if it would interest anyone.
PinSentry said:
andy_quantum said:
Basic 2 factor authentication; something you have and something you know. Many people including myself have been using it for years to access corporate networks (Windows logon etc) using either small keyfobs or SMS. Companies like RSA, Vasco, Cryptocard etc have been doing this for years. Personally I think it's great that it's filtering down, not just in specifically hi-tech companies or large corporates, as it's added security.
To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
pinSentry was also hacked a month or two ago. The head of a security company which was purchased by IBM in early 2007 made a right cock up by announcing it at a security press conference.To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
You can introduce a man in the middle attack against the device and inject web pages to take over an account and divert funds.
It appears that IBM legal have been rather speedy on this one as the story has vanished from the original source, Barclays needless to say are not happy bunnies.
I do have transcript of the original article if it would interest anyone.
PinSentry said:
andy_quantum said:
Basic 2 factor authentication; something you have and something you know. Many people including myself have been using it for years to access corporate networks (Windows logon etc) using either small keyfobs or SMS. Companies like RSA, Vasco, Cryptocard etc have been doing this for years. Personally I think it's great that it's filtering down, not just in specifically hi-tech companies or large corporates, as it's added security.
To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
pinSentry was also hacked a month or two ago. The head of a security company which was purchased by IBM in early 2007 made a right cock up by announcing it at a security press conference.To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
You can introduce a man in the middle attack against the device and inject web pages to take over an account and divert funds.
It appears that IBM legal have been rather speedy on this one as the story has vanished from the original source, Barclays needless to say are not happy bunnies.
I do have transcript of the original article if it would interest anyone.
Gassing Station | The Pie & Piston Archive | Top of Page | What's New | My Stuff