Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    allan673
    Hsbc new secure key - i hate it !!!
    • #1
    • 16th Jul 11, 9:19 AM
    Hsbc new secure key - i hate it !!! 16th Jul 11 at 9:19 AM
    hi, ive been with hsbc for 14 years and today i set up and registered the secure key.
    and ive got to say i hate it, everytime you log in you have to generate a new secure code on a calculator style device, similar in size to a debit card.
    so basically you must always have this device with you if you want to log in to hsbc's internet banking.
    it is so stupid, and not practical for me at all. i am a regular user of internet banking and this makes it such a pain "have hsbc even thought about this?????"

    probably others will love it??? i know security is important but i find having to have this device with you is ridiculous.

    so much so i am already looking to swap banks and take all my savings away from hsbc.
    can anyone else recomend a good internet banking facility? with the ability to stop and remove direct debits online etc, and easy to use.

    how is everyone else finding it.
Page 1
    • Lith
    • By Lith 16th Jul 11, 10:03 AM
    • 864 Posts
    • 239 Thanks
    Lith
    • #2
    • 16th Jul 11, 10:03 AM
    • #2
    • 16th Jul 11, 10:03 AM
    its a good size, for a wallet, i've had no problems with it..

    its barclays pin sentry i have a problem with. far to big
    HSBC (Main A/C)
    Halifax Back up A/C
    Lloyds (Spending) A/C
    RBS Back up A/C
    Barclays Old A/C
    Nationwide Old A/C
  • allan673
    • #3
    • 16th Jul 11, 10:32 AM
    • #3
    • 16th Jul 11, 10:32 AM
    le loup thanks for the sarcastic answer - very nice of you.
    my problem is you cannot log into hsbc online unless you have the device with you.
    • Grimbal
    • By Grimbal 16th Jul 11, 10:38 AM
    • 2,188 Posts
    • 3,431 Thanks
    Grimbal
    • #4
    • 16th Jul 11, 10:38 AM
    • #4
    • 16th Jul 11, 10:38 AM
    Have to admit I'm not a fan either. I've put it on my car key - my thinking is that I'm such a lazy b*gger that as I never go anywhere without the car, I won't be without the little gadget either

    anyone know how it works out of interest? Is it a random number generator - and if so, how is this transmitted? Or is it loaded up in advance with a series of numbers? Been driving me mad thinking about it since I first received it
    "Science is a wonderful thing if one does not have to earn one's living at it" Einstein 1951
    • tellmeitsfriday
    • By tellmeitsfriday 16th Jul 11, 10:39 AM
    • 2,315 Posts
    • 14,729 Thanks
    tellmeitsfriday
    • #5
    • 16th Jul 11, 10:39 AM
    • #5
    • 16th Jul 11, 10:39 AM
    my problem is you cannot log into hsbc online unless you have the device with you.
    Originally posted by allan673
    To be honest, that's probably what it's designed to do.

    I hate it too! I have a HSBC Credit Card, so I've been lumbered with one.

    My main account is with First Direct, and I love it - I am still waiting for a proper reply to a message I sent them asking if there were planning to implement the hideous thing. Their reply was basically "security is important to us"
    • Lokolo
    • By Lokolo 16th Jul 11, 11:21 AM
    • 19,858 Posts
    • 14,948 Thanks
    Lokolo
    • #6
    • 16th Jul 11, 11:21 AM
    • #6
    • 16th Jul 11, 11:21 AM
    With the number of smart phones now available I don't know why you can't have an app on your phone which replicates the secure code device. Would be a lot easier. Blizzard use it for their games such as WoW and Starcraft2.
    • Thrugelmir
    • By Thrugelmir 16th Jul 11, 11:45 AM
    • 56,255 Posts
    • 49,621 Thanks
    Thrugelmir
    • #7
    • 16th Jul 11, 11:45 AM
    • #7
    • 16th Jul 11, 11:45 AM
    probably others will love it??? i know security is important but i find having to have this device with you is ridiculous.
    Originally posted by allan673
    Device has been around for many years for accessing business account banking software. With the accepted weakness in online banking security. This seems an acceptable measure of protection. If someone raided your online banking accounts you'd be up in arms. So the banks can never win.
    “Opportunities come infrequently. When it rains gold, put out the bucket, not the thimble”
    ― Warren Buffett
  • allan673
    • #8
    • 16th Jul 11, 11:45 AM
    • #8
    • 16th Jul 11, 11:45 AM
    my mortgage is with first direct. i may transfer my banking to them? i am looking this weekend at alternatives to hsbc. are lloyds any good for internet banking??
    • Lokolo
    • By Lokolo 16th Jul 11, 11:49 AM
    • 19,858 Posts
    • 14,948 Thanks
    Lokolo
    • #9
    • 16th Jul 11, 11:49 AM
    • #9
    • 16th Jul 11, 11:49 AM
    my mortgage is with first direct. i may transfer my banking to them? i am looking this weekend at alternatives to hsbc. are lloyds any good for internet banking??
    Originally posted by allan673
    Halifax and Lloyds have the same, I prefer HSBCs though (apart from the device).
    • charlieboycat
    • By charlieboycat 16th Jul 11, 11:53 AM
    • 337 Posts
    • 109 Thanks
    charlieboycat
    are lloyds any good for internet banking??
    Originally posted by allan673
    I find them ok (like many on here, I have multiple Vantage accounts). No card reader or other device involved - and since they've only recently overhauled their online banking I would assume they have no plans to introduce them.
  • *Ro*
    Ironically just got mine in the post this morning
    err will see how it goes, probably will end up not using the account and getting blocked.... !!!!!!
    • Thrugelmir
    • By Thrugelmir 16th Jul 11, 12:07 PM
    • 56,255 Posts
    • 49,621 Thanks
    Thrugelmir
    my mortgage is with first direct. i may transfer my banking to them? i am looking this weekend at alternatives to hsbc. are lloyds any good for internet banking??
    Originally posted by allan673
    Used online banking for many years never had major issues. Recently the software had a facelift. Overall I would say made application less user friendly. Still adequate for day to matters though.
    “Opportunities come infrequently. When it rains gold, put out the bucket, not the thimble”
    ― Warren Buffett
    • Sharon87
    • By Sharon87 16th Jul 11, 1:00 PM
    • 3,507 Posts
    • 2,976 Thanks
    Sharon87
    Ironically just got mine in the post this morning
    err will see how it goes, probably will end up not using the account and getting blocked.... !!!!!!
    Originally posted by *Ro*
    Online banking told me when I had to update by, I did it at the last minute.

    I find the Secure Key encourages me to use my internet banking less, so if there's unusual activity on my account I might not spot it! I lost the secure key for about a week and didn't check my account for that whole week, I use to log on once or twice a day.
    • DCFC79
    • By DCFC79 16th Jul 11, 1:25 PM
    • 30,425 Posts
    • 19,235 Thanks
    DCFC79
    I can see it being annoying but its for security reasons, luckily my rbs and natwest accounts dont use this feature although i do have the card reader device but only in use when setting up stadning orders.
    Can people stop loaning money/being a guarator to family/friends, it rarely ends well and you lose out as your money is gone or you get shafted with being a guarantor.
    • Sharon87
    • By Sharon87 16th Jul 11, 4:27 PM
    • 3,507 Posts
    • 2,976 Thanks
    Sharon87
    Yeah I find the secure key best when it's only to make transfers, not for logging in all the time
    • aardvark65
    • By aardvark65 22nd Jul 11, 12:43 PM
    • 272 Posts
    • 115 Thanks
    aardvark65
    Online banking told me when I had to update by, I did it at the last minute.

    I find the Secure Key encourages me to use my internet banking less, so if there's unusual activity on my account I might not spot it! I lost the secure key for about a week and didn't check my account for that whole week, I use to log on once or twice a day.
    Originally posted by Sharon87

    I completely agree. It is not user friendly, makes me not want to bother and I used to keep a close eye on my account. It also looks like it will break fairly easily or if you do carry around will get lost - thereby stopping you accessing your account at all. There must be an easier way of providing security!
  • hermante
    anyone know how it works out of interest? Is it a random number generator - and if so, how is this transmitted? Or is it loaded up in advance with a series of numbers? Been driving me mad thinking about it since I first received it
    Originally posted by Grimbal
    Each device contains a clock and a unique code. When you press go, it calculates a hash based on the date/time and your code. HSBC does the same calculation. (The time is only accurate to a few seconds so that you don't time out.)


    With the number of smart phones now available I don't know why you can't have an app on your phone which replicates the secure code device. Would be a lot easier. Blizzard use it for their games such as WoW and Starcraft2.
    Originally posted by Lokolo

    1. Not everyone has a phone, and there are different models which update their software every so often. Exploits are discovered daily. New phones come out all the time. It is easier to have every customer use the same device (WORLDWIDE - there used to be different devices in different countries but they are now standardising it), and one that they are at least nominally in control of.

    2. The unique code for every customer's login has to be programmed into a phone app. If you know the code, you can duplicate the app (or the securekey itself) which will allow you to log in without the genuine customer knowing. Also, the device is meant to be tamper-proof, while anyone with access to the app can work out what formulas they use. It's probably possible for a determined attacker to gleam a customer's code from their phone by walking behind them for a few minutes.

    For Blizzard it's no different to logging in with one username and password, which you can do on the bank's site itself. I hope it's clear that the banks want to take an extra form of security, requiring something that only you know as well as something that only you have.


    The disadvantage is that there is a single point of failure. If HSBC or RSA are compromised (RSA was compromised recently) then everyone's data is at risk, but at least it is absolutely their fault and they probably have contracts and insurance for those situations.


    Personally, I find it a minor nuisance, especially just for logging in, but you just have to get used to it. I am probably in breach of their T&Cs as I occasionally need family members to log in to my account or vice versa, however now the person logging in needs to be awake at the same time as the person with the device, and they both need to be in an area with phone reception!
  • Sagar Fuzz
    I have to say, I really hate it. If I am being really cynical, I suspect it is just a way of banks pushing the risk onto you, the customer. This is classic corporation technique - always try to make the other party take on the risk if there is any risk to be had.

    No-one could steal my passwords before, but anyone could steal this device. Sure, they'd have to have my passcode to log on, but if passwords / codes are so insecure, doesn't this just add an annoying extra step for the thief, rather than stop them?

    Internet banking is supposed to be instant access, anywhere. Now I can hardly log on as I don't want to carry this hee-haw around with me. Hence, I check my account far less, hence a greater chance of missing any errors/fraud appearing in my account.

    A classic case of missing the element of human nature and thinking technology would solve everything? Of being able to point the finger of blame at the customer instead of at the bank? You decide!
    • scgf
    • By scgf 6th Aug 11, 6:09 PM
    • 353 Posts
    • 131 Thanks
    scgf
    This sort of thing was one of the reasons I changed banks. I went with Metro Bank - they have no such security device, and don't even operate the secure Mastercard scheme for when you buy something with your debit card online. Worth a day out in London to open the account - you walk out of the branch with your cheque book, debit card and online banking all set up. No fees on overseas transactions either, and their online banking service is excellent.
    • Bloomberg
    • By Bloomberg 6th Aug 11, 11:22 PM
    • 657 Posts
    • 268 Thanks
    Bloomberg
    So clever
    Have to admit I'm not a fan either. I've put it on my car key - my thinking is that I'm such a lazy b*gger that as I never go anywhere without the car, I won't be without the little gadget either

    anyone know how it works out of interest? Is it a random number generator - and if so, how is this transmitted? Or is it loaded up in advance with a series of numbers? Been driving me mad thinking about it since I first received it
    Originally posted by Grimbal

    I did read somewhere that the secure key has a clock inside it, every minute or so your access code changes. I generated a code and did not actually logged on. When I actually generated a code to log on a couple of hours later it worked.

    This suggests that it is not loaded up with a series of numbers. I can only guess that the clock in the secure is somehow in sync with the HSBC database. This system seems so secure that I can only assume other banks will soon follow suit. Sorry I cannot answer your question about how this system works.
    Money is a wise mans religion
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

119Posts Today

3,012Users online

Martin's Twitter
  • RT @bearface83: @MartinSLewis check out the @Missguided new 60% off offer. Upping the cost of items almost double to make us think it?s a?

  • RT @efitzpat: Thank you SO SO much @MartinSLewis for your Student Loans refund advice! I just got a grand refunded right before Xmas! Whoop?

  • Have a lovely weekend folks. Don't do anything (fiscally) that I wouldn't do!

  • Follow Martin