Online banking security- WTF

amir_j (Original Poster), Friday 19th February 2010
Signed up for online banking with Santander. No physical card reader like Barclays use, and no RSA key chain code thing either.

1) They post you a customer ID, which online is changed to a word of your choice of 5-16 characters
2) They post you a passcode, which online is changed to a word you like of 8-16 characters
3) They post you a registration code, which is changed online to a 5-digit code

Have these people not heard of keyloggers! Muppets.

DocJock, Friday 19th February 2010
They will also ask for a dedicated phone number so that you get an SMS with a OneTimePassword (OTP) for transactions.

amir_j (Original Poster), Friday 19th February 2010
DocJock said:
They will also ask for a dedicated phone number so that you get an SMS with a OneTimePassword (OTP) for transactions.
Now that sounds a bit better. Is this only applicable from the second time you log in? As I just did a transfer and it went straight through.

Mojooo, Friday 19th February 2010
Natwest ask you for your passwords by inputting random ones, and only a few at a time.

I am glad you don't have to use the physical card reader to log in with Natwest.

sjg, Friday 19th February 2010
First Direct are similar - user ID, three letters from your password, plus a passphrase. I like it, I'm not going to carry around some physical token just to get in, and would consider changing banks if they tried to force one on me.

If you're worried about keyloggers, don't use online banking from an untrusted machine - and if you're really paranoid, bring up the on-screen keyboard and type them in with your mouse.

amir_j (Original Poster), Friday 19th February 2010
Guys, that's fine if you are clued up on PC security and have firewalls etc.

But 1) there will always be some new virus which may get through
2) What about if you are travelling and need to use an internet cafe or hotel PC etc.

Much prefer to have a physical reader.

Mr E Driver, Friday 19th February 2010
Abbey have asked me a couple of times for the one-time pass number sent by text; the internet banking three passwords is/was fine with me.

mrmr96, Friday 19th February 2010
sjg said:
First Direct are similar - user ID, three letters from your password, plus a passphrase. I like it, I'm not going to carry around some physical token just to get in, and would consider changing banks if they tried to force one on me.

If you're worried about keyloggers, don't use online banking from an untrusted machine - and if you're really paranoid, bring up the on-screen keyboard and type them in with your mouse.
I'm with Nationwide and their system is acceptable:
- Login requires ID/password/secret code
- Moving money between your own accounts requires no further authentication
- Moving money outside your own accounts gives you a code to tap into your card reader (reader activated with chip/PIN), and then the card reader gives a response code which you have to put into the website.

90% of the time I'm doing stuff with my own accounts and savings, the other 10% of the time it's no big issue to use the reader.
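The card-reader step above (website shows a code, PIN-unlocked card turns it into a response, website checks it) as an added illustration, not any bank's actual protocol or code: the demo key, the HMAC-SHA256 derivation, the 8-digit truncation and the payee/amount binding are all assumptions made here.

```python
import hashlib
import hmac

# Constructed demo key standing in for the secret an issuer personalises onto the
# chip card. Assumption: the reader signs with HMAC-SHA256 truncated to 8 digits;
# the real scheme behind any reader mentioned in the thread is not on the page.
CARD_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

def digits8(raw: bytes) -> str:
    """Fold the first 4 bytes of a digest into an 8-digit code a user can type."""
    return f"{int.from_bytes(raw[:4], 'big') % 10**8:08d}"

def make_challenge(dest_account: str, amount_pence: int, nonce: str) -> str:
    """Bank side: the code shown on the website, bound to payee, amount and a nonce."""
    material = f"{dest_account}|{amount_pence}|{nonce}".encode()
    return digits8(hashlib.sha256(material).digest())

def reader_response(card_key: bytes, challenge: str, pin_ok: bool = True):
    """Reader side: only a PIN-unlocked card MACs the challenge; the key never leaves the card."""
    if not pin_ok:
        return None
    return digits8(hmac.new(card_key, challenge.encode(), hashlib.sha256).digest())

def verify_payment(card_key: bytes, dest_account: str, amount_pence: int,
                   nonce: str, response) -> bool:
    """Bank side: rebuild the challenge from the stored payment and check the typed response."""
    if response is None:
        return False
    expected = reader_response(card_key, make_challenge(dest_account, amount_pence, nonce))
    return hmac.compare_digest(expected, response)

def demo():
    """Genuine payment verifies; the same captured response fails for a changed payee."""
    nonce = "a1b2c3d4"  # constructed; a bank would draw a fresh one per transaction
    challenge = make_challenge("12345678", 5000, nonce)
    response = reader_response(CARD_KEY, challenge)  # what the user types back
    genuine = verify_payment(CARD_KEY, "12345678", 5000, nonce, response)
    replayed = verify_payment(CARD_KEY, "87654321", 5000, nonce, response)
    return genuine, replayed

if __name__ == "__main__":
    print(demo())
```

Because the response is bound to the payee and amount, a keylogger that captures what was typed gains nothing reusable for a different payment.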

amir_j (Original Poster), Friday 19th February 2010
mrmr96 said:
sjg said:
First Direct are similar - user ID, three letters from your password, plus a passphrase. I like it, I'm not going to carry around some physical token just to get in, and would consider changing banks if they tried to force one on me.

If you're worried about keyloggers, don't use online banking from an untrusted machine - and if you're really paranoid, bring up the on-screen keyboard and type them in with your mouse.
I'm with Nationwide and their system is acceptable:
- Login requires ID/password/secret code
- Moving money between your own accounts requires no further authentication
- Moving money outside your own accounts gives you a code to tap into your card reader (reader activated with chip/PIN), and then the card reader gives a response code which you have to put into the website.

90% of the time I'm doing stuff with my own accounts and savings, the other 10% of the time it's no big issue to use the reader.
+1

Barclays requires the reader code to log in as well, so there is little chance of some Russian or Nigerian getting anywhere at all.

Engineer1, Friday 19th February 2010
Lloyds has a nice one: the ID and password are typed in, and the 3 characters selected randomly from your security code are selected from drop-down lists.

anonymous-user, Friday 19th February 2010
Engineer1 said:
Lloyds has a nice one: the ID and password are typed in, and the 3 characters selected randomly from your security code are selected from drop-down lists.
Yep, a drop-down list can't be logged??

JohnnyPanic, Friday 19th February 2010
Dave_ST220 said:
Engineer1 said:
Lloyds has a nice one: the ID and password are typed in, and the 3 characters selected randomly from your security code are selected from drop-down lists.
Yep, a drop-down list can't be logged??
Well, not with a key logger on the Lloyds site. AFAIK they have non-breaking spaces before the values, so that you have to use the drop-down with the mouse or cursor up/down.

I quite like the system.

If paranoid, you can keep a password safe on a USB stick (I use KeePass Portable, and also have a copy in a Dropbox just in case). You can open this from your USB drive and copy/paste any passwords. The only trail you'll leave on a PC is the password you typed into the password safe, which you can change as soon as you're on a trusted PC if you so choose.

lestag, Saturday 20th February 2010
amir_j said:
DocJock said:
They will also ask for a dedicated phone number so that you get an SMS with a OneTimePassword (OTP) for transactions.
Now that sounds a bit better. Is this only applicable from the second time you log in? As I just did a transfer and it went straight through.
Transfers between your accounts probably won't.
There may be a default limit (say 100 pounds) when transferring money to an account that isn't yours, before the OTP by SMS kicks in.
You may be able to lower this limit online.
(This is how my bank works... but I'm in NZ.)

ymwoods, Saturday 20th February 2010
I wish HSBC did some sort of physical reader. We get some crappy software that is pretty much a key logger in itself. It monitors what you type and then, if it detects you typing a password that resembles one on another site (not just the HSBC site), it tells you off.

jon-, Saturday 20th February 2010
American Express was the best. When I first registered for their online service they refused to let you have a password LONGER than 8 characters!!

Chimune, Saturday 20th February 2010
Kaspersky AV has a virtual keyboard which allows you to input any passwords, using only mouse clicks. Seems a good way of avoiding the problem.

jon-, Saturday 20th February 2010
Chimune said:
Kaspersky AV has a virtual keyboard which allows you to input any passwords, using only mouse clicks. Seems a good way of avoiding the problem.
Windows has one too; it's called the on-screen keyboard.

beano500, Saturday 20th February 2010
ymwoods said:
I wish HSBC did some sort of physical reader.
Not sure I understand how any of these systems work, but I use the Black Horse as mentioned above; drop-downs. I also use the Hong Kong and Shanghai... but they sent me a little plastic thingy that generates a code. Is this not what you get?

elster, Saturday 20th February 2010
ymwoods said:
I wish HSBC did some sort of physical reader. We get some crappy software that is pretty much a key logger in itself. It monitors what you type and then, if it detects you typing a password that resembles one on another site (not just the HSBC site), it tells you off.
They do.

The issue I have is that with the business account several people access it from different locations.

Which is a pain with 1 fking code generator.

ymwoods, Saturday 20th February 2010
elster said:
ymwoods said:
I wish HSBC did some sort of physical reader. We get some crappy software that is pretty much a key logger in itself. It monitors what you type and then, if it detects you typing a password that resembles one on another site (not just the HSBC site), it tells you off.
They do.

The issue I have is that with the business account several people access it from different locations.

Which is a pain with 1 fking code generator.
Well, I haven't got one... just put my banking code in, my DOB and 3 numbers from my password, then done.