Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    WS Lounge VIP access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    1,725
    Thanks
    147
    Thanked 156 Times in 149 Posts

    Logging in to bank accounts

    Two questions really. I have two bank accounts. One has given me a card reader (looks like a small calculator). When I login, I have to insert my card, enter its PIN then type the resultant number string into a field on a page and login. This seems to work and the only thing I have to remember is the PIN - which is quite easy. I can login with a password and answer some questions but I haven't done so for a long time.

    My second account (which I've just created) requires me to enter three characters from a password and also a security number. I find this fiddly. Indeed, I would have thought it was less secure than the first bank's method as you really have to note the strings down to know what the e.g. 5th character is.

    What do people think is the better way, and is there an even better way than either of these.

    The other question is that banks now recommend Trusteer Rapport. I've heard that it causes problems, but that was a while ago. What do people think of it?

  2. #2
    5 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    701
    Thanks
    89
    Thanked 8 Times in 8 Posts
    personally i would never log onto a bank account from a pc

    their security is just not up to my standards

    there are other ways to steal passwords and hack accounts and i would no rely on any bank to keep me safe.

    my fear is that their servers will get hacked directly so i am not going to make it easier by loggin in remotely from a pc

    the first bank is creating new random passwords but whether the devices algorithm is known or not so it can be used to deduce your password is unknown.
    i would not trust it.
    these have been used in the past and have had otehr problems even if not hacked.

    the second bank is ridiculous imho.
    but if you want to use them then you have to do it their way. i see no added security with their method.

  3. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    I use a similar scheme to your second account and use KeePass to enter the characters required - using the "pickchars" placeholder.
    I am happy to use my computer for banking but am very vigilant about software I run on that computer. My tablet has a banking app so I can use it with public WiFi.

    cheers, Paul

  4. #4
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,844
    Thanks
    258
    Thanked 175 Times in 148 Posts
    personally i would never log onto a bank account from a pc

    their security is just not up to my standards

    there are other ways to steal passwords and hack accounts and i would no rely on any bank to keep me safe.

    my fear is that their servers will get hacked directly so i am not going to make it easier by loggin in remotely from a pc
    I understand your point but I'm not sure about the logic behind it. Everything now is going electronic and no matter whether you log into your bank from your PC or not, if the bank get's hacked they have the same information ( other than your IP address ) and your money could be gone.
    The problem with going electronically with everything is that bad guy's hack everything. Banks, Govt's, utilities, personal computer's, Retail store's, et al.
    If you really want to protect your money ( as worthless as it is now-a-day's ), bury it in the back yard like they used to do and someone else in the future can dig up a surprise when you pass away, LOL
    About all you can do is keep your computer as safe as possible.
    I'm not condemning what was said, just giving my Point of View for what it's worth. It won't be long and Robot's will be writing our POV's. LOL, at my age computer's have become a necessary evil.
    Thank God this board is here to explain some of it!

  5. #5
    WS Lounge VIP access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    1,725
    Thanks
    147
    Thanked 156 Times in 149 Posts
    Quote Originally Posted by Paul T View Post
    I use a similar scheme to your second account and use KeePass to enter the characters required - using the "pickchars" placeholder.
    I am happy to use my computer for banking but am very vigilant about software I run on that computer. My tablet has a banking app so I can use it with public WiFi.

    cheers, Paul
    Paul, does that mean you have one computer to do banking work and another to do everything else?

    I've tried Keepass but didn't get on with it - I use Lastpass; I'll see if it has something similar. (I didn't like Roboform either).

    Speedball, my understanding is that the card reader produces a one off password. It's unlikely that anyone could guess the right code (its an 8 character number) even if they know the algorithm. And the card is locked if it's entered three times incorrectly. What do you do for online banking, or do you just go into your local bank?

  6. #6
    4 Star Lounger
    Join Date
    Jul 2011
    Location
    Florida
    Posts
    402
    Thanks
    171
    Thanked 28 Times in 26 Posts
    The banks I use are responsible for any losses due to internet fraud, so I'll leave the security details to them.

  7. #7
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    Quote Originally Posted by access-mdb View Post
    Paul, does that mean you have one computer to do banking work and another to do everything else?
    No, I use the same computer, but rarely download software and don't watch videos - I've got a TV for that.

    cheers, Paul

  8. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,631
    Thanks
    147
    Thanked 882 Times in 844 Posts
    My bank uses the 2 layer system as well - username and password and then 3 characters from a string, but given the likes of key loggers who would prefer to try and take the info from your computer- then perhaps a bank's security is more difficult to crack than you would imagine.

    They'd have to find a hell of a lot of money to replace should their security ever be hacked - it would make the recent banking crisis look like a hiccup in the Stock Market and where would the Bankers get the money for their bonuses then

    Before I log into my e-mails and other online sites, I always close all websites down, clear the cookies and then run an anti malware scan.

  9. #9
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    You could always boot Ubuntu from an ISO image in a virtual machine on your PC and use the on-screen keyboard.

    cheers, Paul

  10. The Following 2 Users Say Thank You to Paul T For This Useful Post:

    Fascist Nation (2014-08-30),georgelee (2014-09-08)

  11. #10
    Silver Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,378
    Thanks
    235
    Thanked 147 Times in 136 Posts
    I was going to suggest a removable tray system w/ one HDD for only banking an the other for every thing else. A boot DVD/CD would serve the same function. Noway for what you do elsewhere on the net to affect your banking drive... Until they give us a UEFI rootkit that is..
    Even if a bank manages to cover your losses the hassle would be something to tell your grandkids about..

    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  12. #11
    Lounger
    Join Date
    Mar 2013
    Posts
    28
    Thanks
    24
    Thanked 0 Times in 0 Posts
    I use Puppy Linux (Slackosave) on a USB flash drive for banking, and I use it for nothing else. All you have to do is to restart, depress F12 (normally) until the options appear, and select the flash drive to boot from. If you wanted to be really paranoid, you could overwrite the stick from a copy of the original after each use. For this, and other reasons, it's best to have a USB 3.0 drive, of small size, say 4 GB. The hard drive can be accessed, so there is no problem in saving downloaded statements where you intend to process them.

    Another option that I have considered (I use VirtualBox) is to create a VM just for banking, and having first set it up, make it immutable (so that nothing is saved; except, of course, anything that you have written to the hard disc on the host).

  13. #12
    Star Lounger
    Join Date
    Mar 2010
    Location
    northern new jersey
    Posts
    50
    Thanks
    1
    Thanked 3 Times in 2 Posts
    If I was really paranoid, I would boot from a Ubuntu CD but Linux does not have all the money management programs that Windows has. A simpler method would be to build one or several virtual PCs and do all computing on the virtual PC sandbox and only banking on the physical PC. (or go further - banking on the physical PC, shopping on one virtual PC, everything else on another virtual PC, another or several for your wife, another for your kids, etc,etc)

    Maybe a simpler and less paranoid method would be to install Opera and only use Opera for browsing to banking sites or any similar method where you use one browser for general browsing and a different browser for banking.

    These methods help avoid the possibility of some kind of key logger or similar form of spying on you. The truth is that most thieves don't really care about you, they want thousands of you (statistics say that 60% of everyone is broke anyway...). Spying or phishing is still a danger but they don't make the big score that thieves really want.

    The thieves won't actually be trying to break into the bank by guessing passwords. Any bank that allows more than a few bad guesses is criminally negligent. People get all hung up about complex password systems but really that complexity during your actual logging in process is not all that important. The danger is that someone is spying or phishing while you log in or someone has gained access to the bank's servers and stolen everybodies password. If the bank is using any method that changes your password every time you log in, that should thwart the spying or phishing. If someone has broken into the bank's servers, anything could happen. Ultimately they should be able to duplicate whatever method the server is using to verify that you are you. All a long complex password gains you is that your password will be harder to crack after the thief has stolen the server files. (related old joke punchline: Why waste time on running shoes, you can't outrun a bear. I don't have to outrun the bear, I only have to outrun you.) Don't you think that the bank should be more concerned that the server files can't be compromised in the first place?

    It's very difficult to know if the bank is doing everything it should just by looking at the external information available to a customer.

    As long as you are protecting yourself from spying and phishing and you are not using the same password someplace else, I think you are doing all that you can do.

  14. #13
    Lounger bcoop's Avatar
    Join Date
    Jan 2011
    Posts
    30
    Thanks
    10
    Thanked 0 Times in 0 Posts
    I "cleaned" a laptop when I bought a new desktop and use it only for banking. I use strong passwords which are not saved by the computer (I enter them myself when I sign on) and I use all the safeguards my bank provides. I keep it updated along with AV and firewall. Surfing for something I want to buy is done on the desktop, then the financial part is done on the laptop. I never consider it totally safe, but everything is so interconnected now that maybe I'm deleting one of the "middle folk" who enter my data anyway!

    I find sometimes Windows doesn't show an update and if I go into the Control Panel and use the "check for updates" link in the security section there is actually one waiting to install. I also read Krebs on Security which has excellent info.
    http://krebsonsecurity.com/tools-for-a-safer-pc/

    One does what one can ... but it's a leaky system!

  15. #14
    Lounger
    Join Date
    May 2010
    Location
    Montreal
    Posts
    34
    Thanks
    5
    Thanked 3 Times in 2 Posts

    I'm with Trev

    Quote Originally Posted by Trev View Post
    The banks I use are responsible for any losses due to internet fraud, so I'll leave the security details to them.
    The banks are responsible for their security , what you should do is read your obligation in their terms of use document , you must use a password that is not related to your date of birth , name or relatives name. You must have up to date antivirus ( free or pay version,) up to date. Firewall must be on and you should use an up to date anti maleware , some banks even suggest how long you should keep the same password. Read the document . If your breached I'm sure the security department will causally question you hoping you'll slip up and say I let my anti virus expire etc. If you read the terms and talk like you know what's doing you will be ok.

    Bob from Montreal

  16. #15
    4 Star Lounger
    Join Date
    Jul 2011
    Location
    Florida
    Posts
    402
    Thanks
    171
    Thanked 28 Times in 26 Posts
    Quote Originally Posted by BobFo View Post
    The banks are responsible for their security , what you should do is read your obligation in their terms of use document , you must use a password that is not related to your date of birth , name or relatives name. You must have up to date antivirus ( free or pay version,) up to date. Firewall must be on and you should use an up to date anti maleware , some banks even suggest how long you should keep the same password. Read the document . If your breached I'm sure the security department will causally question you hoping you'll slip up and say I let my anti virus expire etc. If you read the terms and talk like you know what's doing you will be ok.

    Bob from Montreal
    I never open a new account with any financial organisation without understanding the relative obligations.

    My earlier post was referring to the Bank's security, not mine; I'm quite capable of protecting my own computers.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •