PistonHeads
PistonHeads
Buy
Sell
Forum
Gassing Station » The Pie & Piston Archive
PistonHeads » Gassing Station » Archive » The Pie & Piston Archive
Barclays online banking: pinSentry
My ProfileMy PreferencesMy Mates
SearchMy Stuff
What's New3122472

Barclays online banking: pinSentry

Reply
Show all posts
Show all posts
Reply
Show all posts
Author
Discussion

groucho

Original Poster:

12,134 posts

248 months

[report]
[news]
Thursday 10th January 2008
quotequote all
Anybody heard of it? I just went to transfer some money from my account and it said I had to set up pinSentry. It sounded like they send you some kind of machine and maybe a new debit card; I don't know.

Anybody used it?

groucho

Original Poster:

12,134 posts

248 months

[report]
[news]
Thursday 10th January 2008
quotequote all
MiniMac said:
List of banks that don't use this boocks please? I'm with HSBC but will switch if they intro this nonsense.

I am quite capable of keeping my machine secure and my password safe thank you. This stuff has to be opt-in.
Not sure if I like the sound of it. So, will I only need it on transferring funds like prompted, or to login as well?

groucho

Original Poster:

12,134 posts

248 months

[report]
[news]
Thursday 10th January 2008
quotequote all
PinSentry said:
andy_quantum said:
Basic 2 factor authentication; something you have and something you know. Many people including myself have been using it for years to access corporate networks (Windows logon etc) using either small keyfobs or SMS. Companies like RSA, Vasco, Cryptocard etc have been doing this for years. Personally I think it's great that it's filtering down, not just in specifically hi-tech companies or large corporates, as it's added security.

To the person who keeps their machine secure, please bear in mind it's only as good as the wekest link and other such IT related cliches, you dont have total control over your machine and everything to make it more secure should be seen as a good thing.
pinSentry was also hacked a month or two ago. The head of a security company which was purchased by IBM in early 2007 made a right cock up by announcing it at a security press conference.

You can introduce a man in the middle attack against the device and inject web pages to take over an account and divert funds.

It appears that IBM legal have been rather speedy on this one as the story has vanished from the original source, Barclays needless to say are not happy bunnies.

I do have transcript of the original article if it would interest anyone.
So it's not safe.
Reply
Show all posts
Show all posts
Reply
Show all posts

Gassing Station | The Pie & Piston Archive | Top of Page | What's New | My Stuff